Article <memo.20240310171449.4308D@jgd.cix.co.uk>

Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: jgd@cix.co.uk (John Dallman)
Newsgroups: comp.arch
Subject: Re: Capabilities, Anybody?
Date: Sun, 10 Mar 2024 17:14 +0000 (GMT Standard Time)
Organization: A noiseless patient Spider
Lines: 46
Message-ID: <memo.20240310171449.4308D@jgd.cix.co.uk>
References: <Qry*XE3Ez@news.chiark.greenend.org.uk>
Reply-To: jgd@cix.co.uk
Injection-Info: dont-email.me; posting-host="cae1fa548a706f5751bda9a68d910e12";
	logging-data="3238093"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX1+iyRRgtbyEB8jVS7nbpajAgpsfgh4kp08="
Cancel-Lock: sha1:lILKDRZakSHcLKbGWhhPl7QyVnc=
Bytes: 2858

In article <Qry*XE3Ez@news.chiark.greenend.org.uk>,
theom+news@chiark.greenend.org.uk (Theo Markettos) wrote:

> The C experience is fairly normal, as long as you are actually 
> playing by the C rules.  You can't arbitrarily cast integers to
> pointers - if you plan to do that you need to use intptr_t so 
> the compiler knows to keep the data in a capability so it can 
> use it as a pointer later.

Makes sense, though it will require updating of older code for the rules
being more thoroughly enforced. Not a bad thing. 

> Tricks which store data in the upper or lower bits of pointers are 
> awkward. 

Not compatible with AArch64 Pointer Authentication, but CHERI should be a
functional replacement anyway. 

> Changes in a 6M LoC KDE desktop codebase were 0.026% of lines:
> https://www.capabilitieslimited.co.uk/_files/ugd/f4d681_e0f23245dace466297f20a0dbd22d371.pdf

15,000 or so changes. Quite a lot. Is the code backwards-compatible to a
conventional C platform? 

> Sandboxing involves dividing code into compartments; that involves 
> some decision making as to where you draw the security boundaries.  
> There aren't good tools to do that (they are being worked on). 
> CHERI offers you the tools to implement whatever compartmentalisation
> strategy you wish, but it's not quite as simple as just recompiling.

I have a slightly odd case: the software I work on ships as a great big
shared library that's used in-process by its caller. It isn't any kind of
server, and doesn't use any IPC; in concept it's a huge math library that
asks the caller to allocate memory for it. So it needs to share a heap
with the caller. Presumably that model is workable? 

> ... we're running on FreeBSD

That was a point against my experimenting with Morello when we were
offered it last year; the requirement to port to FreeBSD first. Morello
Linux seems insufficiently mature at present; do you have any idea of the
timescale for it to be robustly usable for porting application code by
someone who isn't experienced in Linux internals? 

John
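A worked illustration of the intptr_t rule quoted above, added here and not code from either poster: a low-bit pointer-tagging helper in the CHERI-compatible form (the packed value lives in a uintptr_t) beside the older form that stashes the pointer in a plain 64-bit integer. The helper names are hypothetical; on a conventional platform both forms round-trip, but on CHERI only the first keeps a dereferenceable capability.

```c
#include <assert.h>
#include <stdint.h>

/* Hypothetical tagged-pointer helpers written for this thread. A 2-bit tag
 * is packed into the spare low bits of a 4-byte-aligned pointer.
 *
 * CHERI-compatible form: the packed value is a uintptr_t. On CHERI that type
 * is a capability, so bounds and the validity tag survive the bitwise
 * operations and the unpacked pointer can still be dereferenced. */
static uintptr_t pack_uintptr(const int *p, unsigned tag) {
    assert(((uintptr_t)p & 3u) == 0);    /* need two spare low bits */
    return (uintptr_t)p | (tag & 3u);    /* address arithmetic only */
}

static const int *unpack_uintptr(uintptr_t packed, unsigned *tag) {
    *tag = (unsigned)(packed & 3u);
    return (const int *)(packed & ~(uintptr_t)3u);
}

/* Older, non-portable form: the packed value is a plain 64-bit integer.
 * On a conventional platform this behaves identically; on CHERI the cast
 * to uint64_t keeps only the address, and casting it back yields an
 * untagged (invalid) capability that faults when dereferenced. */
static uint64_t pack_u64(const int *p, unsigned tag) {
    return (uint64_t)(uintptr_t)p | (tag & 3u);
}

static const int *unpack_u64(uint64_t packed, unsigned *tag) {
    *tag = (unsigned)(packed & 3u);
    return (const int *)(uintptr_t)(packed & ~(uint64_t)3u);
}

/* Round-trip a constructed value through each representation and read it
 * back through the unpacked pointer; -1 signals a tag mismatch. */
int roundtrip_uintptr(unsigned tag) {
    static const int value = 42;            /* 4-byte aligned */
    unsigned seen;
    const int *p = unpack_uintptr(pack_uintptr(&value, tag), &seen);
    return seen == tag ? *p : -1;
}

int roundtrip_u64(unsigned tag) {
    static const int value = 42;
    unsigned seen;
    const int *p = unpack_u64(pack_u64(&value, tag), &seen);
    return seen == tag ? *p : -1;           /* would fault on CHERI */
}
```

Code that already stores pointers in uintptr_t or intptr_t, as in the first form, is the part of such tricks that carries over unchanged; the second form is the pattern the porting work has to find and rewrite.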