408 points ksec | 6 comments
1. spuz No.45230539
What ideas do you employ around security? Do apps have full access to memory? To hardware? Is there a permissions system? Sorry I'm not that familiar with how microkernels work.
replies(1): >>45230592
2. monax No.45230592
Apps don’t get full access to memory or hardware. The kernel only maps what they’re allowed to see. Drivers live in user space, and apps talk to them through capabilities (handles you can pass around). There’s no ambient authority, you only get access if you’ve been given the key.
replies(2): >>45230794 >>45230948
3. spuz No.45230794
Interesting. Thanks.
4. Panzerschrek No.45230948
What about filesystem access rights? Does any application have full access to all user's files? Or only to files belonging to this particular application?
replies(1): >>45230974
5. monax No.45230974
Applications will each have their own namespace, and will only have access to user files if given the right to, on a per directory/file basis.
replies(1): >>45231536
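The two comments by monax above describe a capability model (handles held per process, no ambient authority) and a per-application filesystem namespace (access to user files only when a directory or file right has been handed over). The following toy model is an added illustration of how those two ideas fit together; it is not code from the OS being discussed, and every name in it (`Kernel`, `Capability`, `Handle`, `grant`, `transfer`, `open`, the `/home/alice` paths) is a constructed assumption for this example.

```rust
// Added illustration (hypothetical, not the OS's real API) of capability-based
// access with no ambient authority: every object a process can reach is an
// entry in that process's own capability table. There is no global lookup by
// name, so a process cannot refer to anything it was never handed.
use std::collections::HashMap;

// Rights carried by a capability, as bit flags.
pub const READ: u8 = 0b01;
pub const WRITE: u8 = 0b10;

// One capability: the filesystem subtree (or file) it names, plus rights.
// A real kernel would have other object kinds (devices, channels); this
// example only models directory/file capabilities.
#[derive(Clone, Debug)]
pub struct Capability {
    pub path: String,
    pub rights: u8,
}

// A handle is only an index into the owning process's table; the same number
// in another process refers to a different entry, or to nothing at all.
pub type Handle = usize;

#[derive(Debug, PartialEq)]
pub enum Error {
    BadHandle,
    Denied,
}

#[derive(Default)]
pub struct Kernel {
    tables: HashMap<u32, Vec<Capability>>, // pid -> capability table
}

impl Kernel {
    pub fn new() -> Self {
        Self::default()
    }

    // A new process starts with an empty table: no authority at all.
    pub fn spawn(&mut self, pid: u32) {
        self.tables.insert(pid, Vec::new());
    }

    // Only the kernel appends to a table; user code has no way to forge an entry.
    fn install(&mut self, pid: u32, cap: Capability) -> Result<Handle, Error> {
        let table = self.tables.get_mut(&pid).ok_or(Error::BadHandle)?;
        table.push(cap);
        Ok(table.len() - 1)
    }

    fn lookup(&self, pid: u32, h: Handle) -> Result<&Capability, Error> {
        self.tables.get(&pid).and_then(|t| t.get(h)).ok_or(Error::BadHandle)
    }

    // Initial grant made while setting up a process's namespace.
    pub fn grant(&mut self, pid: u32, path: &str, rights: u8) -> Result<Handle, Error> {
        self.install(pid, Capability { path: path.to_string(), rights })
    }

    // Pass a handle to another process. The receiver may get fewer rights
    // (attenuation) but never more than the sender holds.
    pub fn transfer(&mut self, from: u32, h: Handle, to: u32, rights: u8) -> Result<Handle, Error> {
        let cap = self.lookup(from, h)?.clone();
        if rights & !cap.rights != 0 {
            return Err(Error::Denied);
        }
        self.install(to, Capability { path: cap.path, rights })
    }

    // Open `path` relative to a directory handle, yielding a new handle in the
    // caller's table. Absolute paths, empty components and ".." are rejected so
    // the caller cannot escape the subtree its handle names, and the requested
    // rights must be a subset of the handle's rights.
    pub fn open(&mut self, pid: u32, dir: Handle, path: &str, rights: u8) -> Result<Handle, Error> {
        let cap = self.lookup(pid, dir)?;
        if rights & !cap.rights != 0 {
            return Err(Error::Denied);
        }
        if path.is_empty() || path.starts_with('/') || path.split('/').any(|c| c.is_empty() || c == "..") {
            return Err(Error::Denied);
        }
        let full = format!("{}/{}", cap.path, path);
        self.install(pid, Capability { path: full, rights })
    }

    // Inspect what a handle refers to (for demonstration and tests).
    pub fn describe(&self, pid: u32, h: Handle) -> Result<(String, u8), Error> {
        let cap = self.lookup(pid, h)?;
        Ok((cap.path.clone(), cap.rights))
    }
}

fn main() {
    let mut k = Kernel::new();
    k.spawn(1); // an editor app, starts with nothing
    k.spawn(2); // a shell/file picker acting on the user's behalf
    let home = k.grant(2, "/home/alice", READ | WRITE).unwrap();
    let docs = k.open(2, home, "Documents", READ).unwrap();
    let editor_docs = k.transfer(2, docs, 1, READ).unwrap();
    println!("editor can read: {:?}", k.describe(1, editor_docs));
    println!("editor escaping: {:?}", k.open(1, editor_docs, "../secret", READ));
}
```

The point the model makes: the editor's handle 0 is the only thing it can name, it was given read-only access to one subtree by another process, and neither `..` nor an absolute path nor a request for `WRITE` lets it widen that.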
6. Panzerschrek No.45231536
This is a very nice approach. You should mention it on the main page of your OS site.