Library Isolation

Nobody III hungryninja101 at ...9...
Sun Mar 11 05:00:43 CET 2018


In Genode, it would be very useful to be able to isolate libraries into
their own child processes, greatly reducing the scope of possible security
holes. I want to write a generic method for doing this simply, efficiently,
and transparently. Can you assess my ideas and/or give me other ideas?

For method calls, one option would be to generate an RPC interface for each
library. This seems doable, but methods involving pointers to large amounts
of data may be an issue. I could wrap pointers in buffers, but dynamic
argument sizes and limits on RPC argument sizes could be an issue.

I could maybe use a packet stream. This would fix some issues and would
remove the need for an individual RPC interface for each library; however,
the packet stream might need to be fairly large.

I might be able to use the RPC idea above, but wrap each pointer in a
dataspace. Is this possible? And is it efficient?