L4.sec status ping

Bjoern Doebel doebel at os.inf.tu-dresden.de
Tue Aug 7 17:53:29 CEST 2007

Hash: SHA1


> On 8/7/07, Bjoern Doebel <doebel at os.inf.tu-dresden.de> wrote:
>>> What does "security monitor style IPC permissions" mean? Can it be found
>> in
>>> current Fiasco release?
>> Yes, it can be found in Fiasco. Tasks can be started in "monitored" mode
>> which means that they only possess rights to communicate with themselves,
>> their creators and the NIL thread. Every other IPC will raise a capability
>> fault which is sent to a user-defined capability fault handler. The
>> handler
>> may then act upon this fault by mapping an IPC right to the faulting task,
>> if it possesses this right itself. Whenever this right has been mapped, no
>> more capabilty faults will occur until the right is revoked at a later
>> point in time.
> Interesting, especially that I think IPC control is an obvious weakness of
> current L4 kernels. Is there any new l4 API specification release includes
> this feature?

Not yet, but there will probably be one in the future.

> Where do IPC capabilties originally come from? Maybe there is a privileged
> task (roottask?) that has all capabilites? How about the performance of this
> mechanism - searching the communication peer from the cap list in every IPC
> ...

Currently tasks that are started by roottask during system startup possess
all capabilities and may map those to clients. A specific IPC Monitor works
as the capability fault handler for the tasks started by our ELF loader and
can be configured by the user.

Performance isn't hurt that much. You only need to do the lookup once the
first IPC is sent between from task A to B. Afterwards, task A possesses
the communication capability and no more capfaults occur, therefore causing
no more overhead.

> Is this model only used in IPC contol or also to control other kernel
> resources, like memory pages, interrupts, task no ... Is task / thread
> creation controlled now in Fiasco?

Fiasco also includes a new mechanism to account in-kernel memory usage to
specific tasks. What kind of control do you want for task/thread creation?

> Why can I find news about changes to Fiasco?

Hopefully there will be a new Fiasco spec some day. ;)

Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the l4-hackers mailing list