[TUHS] UNIX of choice these days?

Bakul Shah bakul at bitblocks.com
Tue Sep 26 02:14:13 AEST 2017


I have known about capsicum (& have been a fan of capabilities since
late 70s - even used a form of them in my last job!) but my point was to
suggest unix kernel simplification and something like that may fall out
naturally rather than having to be bolted on. Rather than write an OS
from scratch, incrementally evolve what works. Writing something from
scratch is always easier but you also end up relearning the same
lessons + much harder to get acceptance. But an embrace and extend
model à la C to C++ or what GNU programs have done stands a better
chance. Except that I’m suggesting “extending” by simplifying!

> On Sep 25, 2017, at 8:45 AM, Tony Finch <dot at dotat.at> wrote:
> 
> Bakul Shah <bakul at bitblocks.com> wrote:
>> 
>> I think a few changes can make Unix much more plan9 like.
>> Things like: file descriptors are actually capabilities (or
>> handles, for short) and each process starts with a set of
>> handles and it can only reach those resources that its handles
>> allow. It can also gain new handles via operations on existing
>> handles. Right here you can see that a process is already
>> sandboxed. You don't need containers or jails!
> 
> You can opt-in to this way of working by using the capsicum API,
> http://www.cl.cam.ac.uk/research/security/capsicum/
> but that's really intended for programs to discipline themselves rather
> than as something pervasive.
> 
> Tony.
> -- 
> f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
> Portland, Plymouth, Biscay: Northwest 4 or 5, becoming variable 3 or 4 later.
> Moderate or rough, becoming slight or moderate. Mainly fair. Moderate or good.
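The capsicum sandbox Tony points to, as an added example that is not from this thread or from the Capsicum project: a process keeps one handle to a file, limits it to read/seek, enters capability mode, and can then neither open a path nor write through that handle, exactly the "handles are all you can reach" model in the quoted text. It assumes FreeBSD (the header and calls are FreeBSD's); on other systems it reports the demo as unsupported.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>   /* FreeBSD-only: cap_rights_limit(), cap_enter() */
#endif

/* What the sandboxed child could still do; filled in by capsicum_demo(). */
struct demo_result {
    int supported;    /* 0 when not built on FreeBSD (no Capsicum available) */
    int open_errno;   /* errno from open() after cap_enter(); expect ECAPMODE */
    int write_errno;  /* errno from write() on the read-only handle; expect ENOTCAPABLE */
    long nread;       /* bytes read through the handle we kept; expect 5 */
};

/* Create a scratch file with constructed content, keep one handle to it, then
 * fork a child that limits the handle to read/seek and enters capability mode.
 * The child reports over a pipe; the parent never enters capability mode. */
int capsicum_demo(struct demo_result *out)
{
    memset(out, 0, sizeof *out);
#ifndef __FreeBSD__
    return 0;
#else
    char path[] = "/tmp/capdemo.XXXXXX";
    int fd = mkstemp(path), pfd[2];
    if (fd < 0 || write(fd, "hello", 5) != 5 || pipe(pfd) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct demo_result r = { .supported = 1 };
        cap_rights_t rights;
        cap_rights_init(&rights, CAP_READ, CAP_SEEK); /* fd is now a read-only capability */
        if (cap_rights_limit(fd, &rights) < 0 || cap_enter() < 0) _exit(1);
        if (open(path, O_RDONLY) < 0) r.open_errno = errno;   /* global namespace is gone */
        if (write(fd, "x", 1) < 0) r.write_errno = errno;     /* right not held on this handle */
        char buf[16];
        if (lseek(fd, 0, SEEK_SET) == 0) r.nread = read(fd, buf, sizeof buf);
        if (write(pfd[1], &r, sizeof r) != sizeof r) _exit(1); /* pipe handle keeps full rights */
        _exit(0);
    }
    close(pfd[1]);
    int ok = read(pfd[0], out, sizeof *out) == sizeof *out;
    close(pfd[0]); close(fd); unlink(path); waitpid(pid, NULL, 0);
    return ok ? 0 : -1;
#endif
}
```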
