[cap-talk] A dabblers take on security
Jonathan S. Shapiro
shap at eros-os.com
Tue Feb 5 21:35:25 EST 2008
On Tue, 2008-02-05 at 20:42 +0000, William Pearson wrote:
> Ocap has the negatives of
>
> Increased storage space for longer capabilities over normal pointers

It is not obvious that this is correct. Indeed, if the architecture
(perhaps in common with a conforming runtime) can ensure memory safety,
it is not obvious that any change to pointers is required at all, unless
it is possibly re-using the least three bits for a type code (this
assumes that capability-named objects are doublewords at minimum, which
does not seem unrealistic).

> Spreading the capability to all parts of a process that need it

No worse than spreading pointers.

shap
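
The low-three-bits encoding mentioned in the reply above, as an added C example that is not part of the original message or of any EROS code. The type codes, names and the `struct node` sample object are hypothetical. Plain C does not provide the memory safety the reply assumes, so this shows only the representation: a capability the same size as a pointer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical type codes; three bits allow at most eight of them. */
enum cap_type { CAP_NULL = 0, CAP_PAGE = 1, CAP_NODE = 2, CAP_ENDPOINT = 3 };

#define CAP_TAG_BITS 3u
#define CAP_TAG_MASK ((uintptr_t)((1u << CAP_TAG_BITS) - 1))

typedef uintptr_t cap_t;            /* same width as an ordinary pointer */

/* Constructed sample object, forced to doubleword (8-byte) alignment. */
struct node { _Alignas(8) uint32_t slots[4]; };

/* Pack a type code into the low bits. Returns 0 (CAP_NULL) when the object
 * is not 8-byte aligned or the code needs more than three bits, because
 * either case would corrupt the address. */
cap_t cap_make(void *obj, enum cap_type t)
{
    uintptr_t p = (uintptr_t)obj;
    if ((p & CAP_TAG_MASK) != 0 || (uintptr_t)t > CAP_TAG_MASK)
        return 0;
    return p | (uintptr_t)t;
}

enum cap_type cap_type_of(cap_t c) { return (enum cap_type)(c & CAP_TAG_MASK); }

/* Recover the address only when the caller names the stored type. */
void *cap_deref(cap_t c, enum cap_type expected)
{
    if (cap_type_of(c) != expected)
        return NULL;
    return (void *)(c & ~CAP_TAG_MASK);
}

int main(void)
{
    static struct node n;
    cap_t c = cap_make(&n, CAP_NODE);
    printf("sizeof(cap_t)=%zu sizeof(void*)=%zu type=%d\n",
           sizeof c, sizeof(void *), (int)cap_type_of(c));
    printf("as node: %p, as page: %p\n",
           cap_deref(c, CAP_NODE), cap_deref(c, CAP_PAGE));
    /* A misaligned interior address is rejected instead of being tagged. */
    printf("misaligned rejected: %d\n", cap_make((char *)&n + 1, CAP_NODE) == 0);
    return 0;
}
```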