[cap-talk] Userspace virtual machine for running guest code
Baldur Jóhannsson
zarutian at gmail.com
Fri Sep 4 16:29:58 PDT 2009
On 4.12.2008, at 09:06, James A. Donald wrote:
> Baldur Johannsson wrote:
>> h'lo cap-talk
>> I recently came across the vx32 user space virtual machine library
>> that enables a host application to run untrusted x86 guest code.
>> The homepage for the vx32 library is http://pdos.csail.mit.edu/~baford/vm/
>> could this help running legacy code on capability based operating
>> systems like KeyKos, Eros and Capros?
>> probably
>> could this also allow oneself to implement capability based security
>> where one has only an unprivileged shell account on a machine of the
>> x86 architecture?
>> yes definitely
>
> This is a framework, within which one can launch a standard executable
> file - but you will have to write a library for that file to interact
> with the outside world. The good thing is that the executable file will
> *only* be able to interact with the outside world through your library.
>
> That is a fairly big job.
>
That library can have this interface:

    struct cap { uint c_index; };       // a capability is named by an index

    struct capmsg {
        uint   ordercode;
        byte   nrOfCaps;
        cap    caps[nrOfCaps];          // nrOfCaps entries follow
        ushort dataLength;
        byte   data[dataLength];        // dataLength bytes follow
    };

    capmsg invoke(cap receiver, capmsg params); // synchronous

So, sure, it is a bigger job than writing a deflate decompression routine,
but a bit less than writing an XML parser and a whole lot less than
writing a whole capos.
Kind regards.
-Baldur Jóhannsson
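
An added example, not code from the original post or from vx32: one way the host side of the invoke() interface above can validate a guest's request, given that the guest holds only indices and every index and length arrives from untrusted memory. The table size, the fixed MAX_CAPS and MAX_DATA bounds, ORDER_INVALID, and the names clist, held, reply, echo_len and demo are assumptions made for the example.

```c
#include <stdint.h>
#include <string.h>
#define CLIST_SIZE 8                /* assumed size of the per-guest c-list */
#define MAX_CAPS   4                /* assumed upper bound for nrOfCaps */
#define MAX_DATA   64               /* assumed upper bound for dataLength */
#define ORDER_INVALID 0xFFFFFFFFu   /* assumed error ordercode */

struct cap { uint32_t c_index; };
struct capmsg {
    uint32_t   ordercode;
    uint8_t    nrOfCaps;
    struct cap caps[MAX_CAPS];
    uint16_t   dataLength;
    uint8_t    data[MAX_DATA];
};

/* Host object behind a capability; the guest only ever holds its index. */
typedef struct capmsg (*handler_fn)(const struct capmsg *params);
static handler_fn clist[CLIST_SIZE];            /* NULL means empty slot */

static struct capmsg reply(uint32_t ordercode) {
    struct capmsg r;
    memset(&r, 0, sizeof r);
    r.ordercode = ordercode;
    return r;
}
static int held(uint32_t idx) { return idx < CLIST_SIZE && clist[idx] != NULL; }

/* Check every index and length before any host object is reached. */
struct capmsg invoke(struct cap receiver, struct capmsg params) {
    if (!held(receiver.c_index)) return reply(ORDER_INVALID);
    if (params.nrOfCaps > MAX_CAPS || params.dataLength > MAX_DATA)
        return reply(ORDER_INVALID);
    for (uint8_t i = 0; i < params.nrOfCaps; i++)
        if (!held(params.caps[i].c_index)) return reply(ORDER_INVALID);
    return clist[receiver.c_index](&params);
}

/* Constructed sample object: replies with the length of the data it got. */
static struct capmsg echo_len(const struct capmsg *p) { return reply(p->dataLength); }

/* Constructed scenario: only slot 1 is granted; returns the reply ordercode. */
uint32_t demo(uint32_t receiver, uint8_t ncaps, uint32_t passed, uint16_t dlen) {
    struct capmsg m = reply(0);
    clist[1] = echo_len;
    m.nrOfCaps = ncaps; m.dataLength = dlen;
    for (int i = 0; i < MAX_CAPS; i++) m.caps[i].c_index = passed;
    return invoke((struct cap){ receiver }, m).ordercode;
}
int main(void) { return demo(1, 0, 0, 5) == 5 ? 0 : 1; }
```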