Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Lawrence D'Oliveiro <ldo@nz.invalid>
Newsgroups: comp.arch
Subject: Capabilities, Anybody?
Date: Fri, 8 Mar 2024 22:38:11 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 16
Message-ID: <usg40i$1udfo$3@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Fri, 8 Mar 2024 22:38:11 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="d5f167ea8e6b66fd37103ff38661b22f"; logging-data="2045432"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18ltQm6ZitfYWfTxENjFWjp"
User-Agent: Pan/0.155 (Kherson; fc5a80b8)
Cancel-Lock: sha1:ETPC/pGcpN5gslWo0EHpdnR4Wz8=
Bytes: 1760

“Capabilities” are an old idea for doing memory protection by storing the access rights in unforgeable descriptors that are given to authorized processes. This way, there is no need for the traditional unprivileged-versus-privileged-processor-mode concept; process A can have privileged access to memory region X but not Y, while process B can have privileged access to memory region Y but not X, so neither is “more” privileged than the other: each one is trusted with just a limited set of privileged functions.

The idea fell out of use because of performance issues. But in these more security-conscious times, the overhead seems more and more like a reasonable price to pay for the greater control it offers.

There is a project called CHERI, whose concepts have been implemented in Arm’s “Morello” chip.

<https://www.theregister.com/2022/07/26/cheri_computer_runs_kde/>
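As an added illustration of the descriptor model described in the post (not part of the original article, and a simplified software model rather than CHERI's or Morello's actual encoding): a capability here carries bounds, a permission mask and a validity tag, derivation can only narrow it, and every load or store is checked against it, so an X-only capability for process A and a read-only Y capability for process B behave exactly as described above.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { CAP_READ = 1, CAP_WRITE = 2 };
/* Simplified capability (assumed model, not CHERI's real encoding): base,
 * length, permission mask and validity tag. Hardware keeps the tag out of
 * software's reach; here only cap_root()/cap_derive() ever set it. */
typedef struct { uint8_t *base; size_t length; unsigned perms; bool tag; } cap_t;
/* The initial capability handed out by the "kernel". */
static cap_t cap_root(uint8_t *mem, size_t len, unsigned perms) {
    return (cap_t){ mem, len, perms, true };
}
/* Derivation is monotonic: bounds may only shrink and permissions may only
 * be dropped. Any attempt to widen yields an untagged, unusable capability. */
static cap_t cap_derive(cap_t c, size_t off, size_t len, unsigned perms) {
    cap_t d = { NULL, 0, 0, false };
    if (!c.tag || off > c.length || len > c.length - off || (perms & ~c.perms))
        return d;
    d.base = c.base + off; d.length = len; d.perms = perms; d.tag = true;
    return d;
}
/* Every access checks the tag, the needed permission and the bounds. */
static bool cap_ok(cap_t c, size_t off, unsigned need) {
    return c.tag && (c.perms & need) == need && off < c.length;
}
static bool cap_load(cap_t c, size_t off, uint8_t *out) {
    if (!cap_ok(c, off, CAP_READ)) return false;
    *out = c.base[off];
    return true;
}
static bool cap_store(cap_t c, size_t off, uint8_t v) {
    if (!cap_ok(c, off, CAP_WRITE)) return false;
    c.base[off] = v;
    return true;
}

int main(void) {
    uint8_t mem[16] = {0};  /* constructed: region X = bytes 0-7, Y = 8-15 */
    cap_t root = cap_root(mem, sizeof mem, CAP_READ | CAP_WRITE);
    cap_t a = cap_derive(root, 0, 8, CAP_READ | CAP_WRITE); /* process A: X, rw */
    cap_t b = cap_derive(root, 8, 8, CAP_READ);             /* process B: Y, ro */
    uint8_t v = 0;
    printf("A writes X[3]: %d\n", cap_store(a, 3, 0x41));            /* 1 */
    printf("A reads Y through its X cap: %d\n", cap_load(a, 8, &v)); /* 0: out of bounds */
    printf("B writes Y[0]: %d\n", cap_store(b, 0, 0x42));            /* 0: no write right */
    printf("B widens Y cap to rw: %d\n", cap_derive(b, 0, 8, CAP_READ | CAP_WRITE).tag); /* 0 */
    return 0;
}
```

The last check is the point of the model: a process holding a limited capability cannot manufacture a broader one, and a struct assembled by hand (the "forged" case) carries no tag and is refused everywhere.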