Hi,
 
Thanks for your reply.
 
On 8/7/07, Bjoern Doebel <doebel@os.inf.tu-dresden.de> wrote:
> > What does "security monitor style IPC permissions" mean? Can it be found in
> > current Fiasco release?
>
> Yes, it can be found in Fiasco. Tasks can be started in "monitored" mode
> which means that they only possess rights to communicate with themselves,
> their creators and the NIL thread. Every other IPC will raise a capability
> fault which is sent to a user-defined capability fault handler. The handler
> may then act upon this fault by mapping an IPC right to the faulting task,
> if it possesses this right itself. Whenever this right has been mapped, no
> more capability faults will occur until the right is revoked at a later
> point in time.
 
Interesting, especially since I think IPC control is an obvious weakness of current L4 kernels. Is there any new L4 API specification release that includes this feature?
 
Where do IPC capabilities originally come from? Maybe there is a privileged task (roottask?) that has all capabilities? How about the performance of this mechanism - searching for the communication peer in the cap list on every IPC ...
 
Is this model only used for IPC control or also to control other kernel resources, like memory pages, interrupts, task numbers ... Is task / thread creation controlled now in Fiasco?
 
Where can I find news about changes to Fiasco?
 
Regards,
 
Wei Shen
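The "monitored" task model described in the quoted reply, as a toy simulation added here (not Fiasco's code or API): a monitored task starts with send rights only to itself, its creator and the NIL thread; any other send raises a capability fault that a user-level handler may resolve by mapping a right it holds itself, and a revoke makes the next send fault again. The task names, the `root` task holding all rights, and the handler policy are constructed assumptions for the example.

```python
NIL = "nil"        # constructed name standing in for the NIL thread

class MonitoredIpc:
    """Constructed model of monitored-mode IPC rights, not the kernel's data."""
    def __init__(self):
        self.rights = {}        # task -> set of peers it may send to ("*" = all)
        self.faults = []        # capability faults delivered to the handler

    def create_task(self, name, creator, monitored=True):
        # a monitored task initially holds rights to itself, its creator and NIL
        self.rights[name] = {name, creator, NIL} if monitored else {"*"}

    def has_right(self, task, dest):
        r = self.rights[task]
        return "*" in r or dest in r

    def map_right(self, granter, receiver, dest):
        # the handler may only map a right it possesses itself
        if not self.has_right(granter, dest):
            return False
        self.rights[receiver].add(dest)
        return True

    def revoke(self, task, dest):
        # after a revoke the next send to dest faults again
        self.rights[task].discard(dest)

    def send(self, sender, dest, handler):
        if self.has_right(sender, dest):
            return "delivered"          # mapped right: no fault, no handler round trip
        self.faults.append((sender, dest))   # capability fault -> user-defined handler
        return "delivered" if handler(self, sender, dest) else "denied"

def root_handler(model, sender, dest):
    # constructed policy: root holds every right but only grants access to "fs"
    return dest == "fs" and model.map_right("root", sender, dest)

def run_scenario():
    m = MonitoredIpc()
    m.create_task("root", None, monitored=False)   # assumed privileged creator
    m.create_task("fs", "root")
    m.create_task("app", "root")
    peers = ("app", "root", NIL, "fs", "fs", "net")
    trace = [m.send("app", p, root_handler) for p in peers]
    m.revoke("app", "fs")
    trace.append(m.send("app", "fs", root_handler))
    return trace, len(m.faults)
```

Only the first send to `fs`, the send to `net` and the post-revoke send fault; the second send to `fs` is delivered without involving the handler.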