| Deutsch English Français Italiano |
|
<usta7f$16buu$2@dont-email.me> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Robert Finch <robfi680@gmail.com>
Newsgroups: comp.arch
Subject: Re: Capabilities, Anybody?
Date: Wed, 13 Mar 2024 18:43:59 -0400
Organization: A noiseless patient Spider
Lines: 22
Message-ID: <usta7f$16buu$2@dont-email.me>
References: <usg40i$1udfo$3@dont-email.me>
<1951488caf6138e90c4bac62ee6ac41d@www.novabbs.org>
<_Y_GN.75295$LONb.13164@fx08.iad> <usibg4$2ffdn$1@dont-email.me>
<usif12$2g7eq$1@dont-email.me> <usinhj$2i2nn$1@dont-email.me>
<6b75cd0221ee827b49cd2275f2c65789@www.novabbs.org>
<Qry*XE3Ez@news.chiark.greenend.org.uk> <usla9a$3687e$1@dont-email.me>
<usmded$3gibh$1@dont-email.me> <usnid7$3os0b$1@dont-email.me>
<usr6na$on7u$1@dont-email.me>
<ee1e974410ea3ac4c23593c92c37a3fd@www.novabbs.org>
<ussqji$12vjp$1@dont-email.me>
<03159371a8f3251ced2cd3be21505896@www.novabbs.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Wed, 13 Mar 2024 22:43:59 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="d69fd8afbd3baa82fcbead69b33b753c";
logging-data="1257438"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+rIqFtdQ14hEzqgejNtBULiM80OONV26k="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:0qM5h9HjEdowXNBs8oid68n4hv0=
Content-Language: en-US
In-Reply-To: <03159371a8f3251ced2cd3be21505896@www.novabbs.org>
Bytes: 2496
>
> In the past, capability machines wanted to use capabilities for all
> relocation and all protection. As long as this is the case, an applica-
> tion has an unbounded need for capabilities.
It seems like it would have a lot of overhead, but it might be worth it
for security.
>
> You can grant this with limited capabilities (top 4-odd bits) only when
> you have a means to load a new capability into a known <capability> base
> register[i]. Since this is privileged data, either the specified function-
> ality of this instruction is precisely specified and operates with
> access to GuestOS address space.....it is difficult to imagine how to
> add Hyper-
> Vision on top of GuestOS supervision.
> {{Or do you intend to void Hypervisors?}}
I got the impression that with capabilities processor modes may not be
necessary. I think the distinction between hypervisor / supervisor may
be lost. Not sure that is a good idea.
om=MSDN