From b5552cc9c7dd2d333106b1c69e6ff23aab19df47 Mon Sep 17 00:00:00 2001 From: Alex Auvolat Date: Tue, 24 Feb 2015 23:42:26 +0100 Subject: Add quick paragraph on security model. --- README.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'README.md') diff --git a/README.md b/README.md index b74eeef..0b460bc 100644 --- a/README.md +++ b/README.md @@ -24,6 +24,22 @@ The code for the project must make sense, be simple and straightforward, and be easily understandable in complete detail so that we can track bugs and extend the system more easily. +### Capability-like security system + +A normal ring-3 application managed by a ring-0 kernel is a bit like a virtual +machine in wich the process runs : it has a full memory space and doesn't see it +when it is interrupted by other things happening on the system. We take this a +bit further by saying that a process that creates a child process creates a +"box" in which some of the ressources of the parent can be made accessible, +possibly with some restrictions. In particular this is true of filesystems : +each process has its own filesystem namespace. Basically it means that the login +manager has full access to all disk devices and system hardware, the session +manager for a user session only has access to the user's data and read-only +access to system files, and an untrusted user application can be sandboxed in an +environment where it will only see its own data and necessary libraries, with +"bridges" enabling access to user-approved data (for instance a file chooser, or +taking a picture with a webcam or such). + ### Goal : small and cool I would love to have kogata fit on a 1.44MB floppy and run with a full GUI and -- cgit v1.2.3
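Review bot: the new "Capability-like security system" paragraph in README.md has typos and a spacing error that should be fixed before merging: "wich" should be "which", "ressources" should be "resources", and "filesystems :" (space before the colon) should be "filesystems:". Beyond the typos, the paragraph never says who enforces the box. The sentence "a process that creates a child process creates a 'box' in which some of the ressources of the parent can be made accessible, possibly with some restrictions" leaves open whether the kernel or the parent mediates access and whether a child can ever obtain a resource its parent does not itself hold; a capability-style design usually rests on exactly that rule (the child's resources are a subset of the parent's, handed out only through the kernel), so stating it explicitly would make the "Capability-like" heading checkable against the code later. The "bridges" sentence (file chooser, webcam) would likewise benefit from one clause saying that the bridge runs outside the sandbox and passes only the user-approved item into it, since as written it could be read as the sandboxed application being granted the wider access. Finally, "doesn't see it when it is interrupted by other things happening on the system" is hard to parse; "does not notice when it is preempted by other activity on the system" says the same thing more clearly.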