[146719] in cryptography@c2.net mail archive
Re: [Cryptography] Using Raspberry Pis
daemon@ATHENA.MIT.EDU (Marcus D. Leech)
Sat Sep 7 00:44:18 2013
X-Original-To: cryptography@metzdowd.com
Date: Sat, 07 Sep 2013 00:40:43 -0400
From: "Marcus D. Leech" <mleech@ripnet.com>
To: cryptography@metzdowd.com
In-Reply-To: <CAG5KPzxOkOQ09-McqNQe-uM89DaTh=vEkL0Aj5dka+zhyG3S7w@mail.gmail.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
This is a multi-part message in MIME format.
--===============2744386645516862056==
Content-Type: multipart/alternative;
boundary="------------060108070509000201030904"
This is a multi-part message in MIME format.
--------------060108070509000201030904
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
On 09/07/2013 12:04 AM, Ben Laurie wrote:
>
> On 26 August 2013 22:43, Perry E. Metzger <perry@piermont.com
> <mailto:perry@piermont.com>> wrote:
>
> (I would prefer to see hybrid capability systems in such
> applications, like Capsicum, though I don't think any such have been
> ported to Linux and that's a popular platform for such work.)
>
>
> FWIW, we're working on a Linux port of Capsicum. Help is always
> welcome :-)
>
>
>
> _______________________________________________
> The cryptography mailing list
> cryptography@metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
I implemented a lightweight, tightly-focused (well, it started out that
way), capabilities-like system for Android kernels last year. It was a
monumental PITA
largely due to interior kernel-side APIs changing so frequently
across kernel versions.
We had mechanisms for binding "capabilities" to ELF binaries in a way
that the kernel could verify.
The project failed, largely because it kept being dragged around by
marketing so often, that we never got it really nicely robust in any
given direction.
"This week, it's a floor polish. Next week, it's a turbine
maintenance system."
--------------060108070509000201030904
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 09/07/2013 12:04 AM, Ben Laurie
wrote:<br>
</div>
<blockquote
cite="mid:CAG5KPzxOkOQ09-McqNQe-uM89DaTh=vEkL0Aj5dka+zhyG3S7w@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra"><br>
<div class="gmail_quote">On 26 August 2013 22:43, Perry E.
Metzger <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:perry@piermont.com" target="_blank">perry@piermont.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div id=":40q" style="overflow:hidden">(I would prefer to
see hybrid capability systems in such<br>
applications, like Capsicum, though I don't think any
such have been<br>
ported to Linux and that's a popular platform for such
work.)</div>
</blockquote>
</div>
<br>
FWIW, we're working on a Linux port of Capsicum. Help is
always welcome :-)</div>
<div class="gmail_extra"><br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
The cryptography mailing list
<a class="moz-txt-link-abbreviated" href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a>
<a class="moz-txt-link-freetext" href="http://www.metzdowd.com/mailman/listinfo/cryptography">http://www.metzdowd.com/mailman/listinfo/cryptography</a></pre>
</blockquote>
I implemented a lightweight, tightly-focused (well, it started out
that way), capabilities-like system for Android kernels last year.
It was a monumental PITA<br>
largely due to interior kernel-side APIs changing so frequently
across kernel versions.<br>
<br>
We had mechanisms for binding "capabilities" to ELF binaries in a
way that the kernel could verify.<br>
<br>
The project failed, largely because it kept being dragged around by
marketing so often, that we never got it really nicely robust in any
given direction.<br>
"This week, it's a floor polish. Next week, it's a turbine
maintenance system."<br>
<br>
<br>
</body>
</html>
--------------060108070509000201030904--
--===============2744386645516862056==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============2744386645516862056==--