My kernel is a microkernel, so it really has no idea about users and groups and that type of permission model. What it does have, however, is a list of "rights" which have a name like "/System/Rights/Ports/60" (this is for accessing port 60, of course) and a value, a 64-byte randomly generated value.
The rights that the kernel provides are kept in kernel space, and rights that other servers provide are kept in those servers' page tables only.
In order to do something protected by a right, you have to use the authentication server, or if the authentication server has not yet been started up (the authentication server is one of the servers that the kernel monitors and even uses), you use the kernel to get the 64-byte value. The authentication server manages users and groups and the rights each have.
Then you have to supply this right to the function that is privileged, and the server, or kernel (which is also a server in my OS), checks to make sure that the right you supplied is correct. If it is, you can perform the task; if not, then the user is notified and the program is alerted that it does not have the proper rights.
Is this a good method of security? Are there any pitfalls to this method? Do any of you use this sort of method or anything close to it?
Thanks.
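A model of the scheme in the post above, as an added Python example (not the poster's code): the names RightsRegistry, AuthServer and the user/group layout are assumptions. It adds one check the post does not mention: the 64-byte value is the whole secret, so the server compares it in constant time rather than with a plain ==.

```python
import hmac
import secrets

RIGHT_LEN = 64  # the post's 64-byte random value


class RightsRegistry:
    """Kernel-side table: a right's name -> its secret value (assumed model)."""

    def __init__(self):
        self._values = {}

    def create(self, name):
        # Each right is a fresh 64-byte value from the OS CSPRNG.
        self._values[name] = secrets.token_bytes(RIGHT_LEN)
        return name

    def value_of(self, name):
        # Only the authentication server is meant to call this.
        return self._values.get(name)

    def check(self, name, supplied):
        """A privileged server asks: does `supplied` prove possession of `name`?"""
        expected = self._values.get(name)
        if expected is None or len(supplied) != RIGHT_LEN:
            return False
        # Constant-time compare: a plain == stops at the first mismatching byte,
        # so response timing would leak how much of the value a caller got right.
        return hmac.compare_digest(expected, supplied)


class AuthServer:
    """Maps users to groups and groups to rights; hands out values accordingly."""

    def __init__(self, registry):
        self._registry = registry
        self._group_rights = {}  # group -> set of right names
        self._user_groups = {}   # user -> set of groups

    def grant(self, group, right):
        self._group_rights.setdefault(group, set()).add(right)

    def add_user(self, user, *groups):
        self._user_groups[user] = set(groups)

    def lookup(self, user, right):
        """Return the right's value only if one of the user's groups holds it."""
        groups = self._user_groups.get(user, set())
        if any(right in self._group_rights.get(g, set()) for g in groups):
            return self._registry.value_of(right)
        return None
```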
Security idea
http://en.wikipedia.org/wiki/Capability-based_security
Yeah, it's a good idea.
(Rule of good ideas - it's either not good or it's been done before)
Last edited by Candy on Mon Feb 26, 2007 11:55 am, edited 1 time in total.
While, unless I read incorrectly, that idea does sound rather like capability security, I don't think the Law of Good Ideas is really a law. You take something that sounds good but hasn't been done before and you find a way to do it. In the end, you get a new good idea.
After all, if all good ideas have been tried before, what the hell are we doing here?
Crazed123 wrote:
While, unless I read incorrectly, that idea does sound rather like capability security, I don't think the Law of Good Ideas is really a law. You take something that sounds good but hasn't been done before and you find a way to do it. In the end, you get a new good idea.
After all, if all good ideas have been tried before, what the hell are we doing here?
Let's call it a rule then - it's like that pretty much all the time though.
Came up with a dozen "new ideas" for my own OS, to make it easier to program in effectively and efficiently. So it appears 1 of them was thought up before in a specialized language and a concept without implementation (afaik) and the rest is a part of the C++0x proposal - including one language extension I'd been hoping for for a few years but couldn't find (variadic templates).