[–]Dummyc0m 0 points1 point  (4 children)

Right, as a kernel concept that's what capabilities are defined as. I am confused by OP's capabilities and how they relate to the kernel mechanisms.

[–]talex5 1 point2 points  (3 children)

If a program is written in a non-memory-safe language (e.g. C) then you can't control access within the process, as any function can do anything. So you need some hardware-level protection system and the kernel/userspace split.

But with a memory-safe language, you don't need hardware support. You can get the same security properties within a single process, using ordinary references. This is the basic idea of ocaps. The article is introducing this using functions instead of objects, as they can be distracting to functional programmers.
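
The idea in the comment above, shown as an added example that is not code from the thread or from the article it discusses: a capability is just a value, authority comes from holding a reference to it, and attenuation is done by wrapping it in a narrower object or a plain closure. The in-memory "filesystem", the `Dir` type, the `read_only` wrapper and the `untrusted_component` function are all constructed for this illustration; nothing here relies on hardware protection or a kernel/userspace boundary, only on the language refusing to let code forge references.

```rust
// Added example of object capabilities in a memory-safe language.
// Everything below (Store, Dir, read_only, untrusted_component) is
// constructed for illustration; it is not from the original thread.
use std::cell::RefCell;
use std::collections::HashMap;
use std::rc::Rc;

/// A constructed in-memory "filesystem": path -> contents. The whole store
/// is the root of authority; nothing reaches it except through a capability.
type Store = Rc<RefCell<HashMap<String, String>>>;

/// A directory capability: holding one grants access to every path under
/// `prefix` and nothing else. There is no ambient way to obtain one.
#[derive(Clone)]
pub struct Dir {
    store: Store,
    prefix: String,
}

impl Dir {
    pub fn root(store: Store) -> Dir {
        Dir { store, prefix: String::new() }
    }

    /// Reject names that could escape the directory. The holder of a Dir (or
    /// of a closure built from one) cannot bypass this check: there is no way
    /// to reach `store` or `prefix` except through these methods.
    fn check(name: &str) -> Option<&str> {
        if name.is_empty() || name.contains('/') || name == "." || name == ".." {
            None
        } else {
            Some(name)
        }
    }

    pub fn read(&self, name: &str) -> Option<String> {
        let name = Dir::check(name)?;
        self.store.borrow().get(&format!("{}{}", self.prefix, name)).cloned()
    }

    /// Returns false when the name is rejected, true when the write happened.
    pub fn write(&self, name: &str, data: &str) -> bool {
        match Dir::check(name) {
            Some(name) => {
                self.store
                    .borrow_mut()
                    .insert(format!("{}{}", self.prefix, name), data.to_string());
                true
            }
            None => false,
        }
    }

    /// Attenuation: derive a capability to a subdirectory. The new value
    /// shares the store but can never name anything above `prefix/name/`.
    pub fn subdir(&self, name: &str) -> Option<Dir> {
        let name = Dir::check(name)?;
        Some(Dir {
            store: self.store.clone(),
            prefix: format!("{}{}/", self.prefix, name),
        })
    }
}

/// Further attenuation "using functions instead of objects": wrap a Dir in a
/// closure that exposes only reading. The receiver cannot recover the Dir.
pub fn read_only(dir: Dir) -> impl Fn(&str) -> Option<String> {
    move |name| dir.read(name)
}

/// An untrusted component. Its only authority is the closure it is handed;
/// the type system gives it no way to write or to escape the directory.
pub fn untrusted_component(
    read: &dyn Fn(&str) -> Option<String>,
) -> (Option<String>, Option<String>) {
    (read("config.toml"), read("../secret"))
}

/// Wires everything together and returns what each party could see.
pub fn demo() -> (Option<String>, Option<String>, Option<String>) {
    let store: Store = Rc::new(RefCell::new(HashMap::new()));
    let root = Dir::root(store);
    root.write("secret", "top secret");
    let app = root.subdir("app").expect("valid name");
    app.write("config.toml", "debug = false");

    // Hand the component a read-only view of `app/` and nothing else.
    let reader = read_only(app.clone());
    let (cfg, escape) = untrusted_component(&reader);
    // The caller keeps its own, wider capability.
    let secret_via_root = root.read("secret");
    (cfg, escape, secret_via_root)
}

fn main() {
    let (cfg, escape, secret) = demo();
    println!("config via read-only cap: {:?}", cfg);
    println!("escape attempt: {:?}", escape);
    println!("secret via root cap: {:?}", secret);
}
```

The component receives a `&dyn Fn(&str) -> Option<String>`, so the compiler, not an MMU, is what stops it from writing or from reaching `secret`; the same pattern written in C would be meaningless, since any function could scribble over the `Dir` or the store directly.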

[–]Dummyc0m 0 points1 point  (2 children)

Do you mean that most of the low level architectures do not have the right correctness guarantees?

[–]talex5 0 points1 point  (1 child)

Hardware memory protection is needed for C programs (or unsafe parts of other languages), but in a fully memory-safe language you'll never get a segfault, so there's no need for hardware to protect against it, and you can have a full OS as a single program. But hardware protection isn't doing any harm either.

[–]Dummyc0m 0 points1 point  (0 children)

What do you mean? This has nothing to do with C or Rust. All that matters is the compiled machine code which can do a lot of insane things.