On 1/30/2015 11:13 AM, josh@xxxxxxxxxxxxxxxx wrote:
On Thu, Jan 29, 2015 at 06:25:23PM -0800, Casey Schaufler wrote:
On 1/29/2015 5:36 PM, Paul E. McKenney wrote:

A few K here, a few K there, and pretty soon you actually fit into the
small-memory 32-bit SoCs. I do not believe that the processing time
is the issue.

And UNIX, with UID and GID processing, used to run in 64K of RAM,
without swap or paging. Bluntly, there are many other places to look
before you go here.

And we're looking in all those places too. Each patch is worth
evaluating independently. We've *already* gone here, the code is
written (and being revised based on feedback), and "go work over there
out of my backyard" is not going to work. One of these days, we're
going to run in 64k again.

Oh good heavens. Don't take this personally. I don't.

As for LSMs, I can easily see putting in the security model from the old
RTOS on top of a NON_ROOT configuration. Won't that be fun when the CVEs
start to fly?

The security model is "there's one process on this system". (Expect
patches for CONFIG_FORK=n and CONFIG_EXEC=n at some point.)

Ok. Why not use Bada?

Do you think you'll be running system services like systemd on top of this?
Anyone *else* remember what happened when they put capability handling into
sendmail?

Nope, I don't expect these systems to be using LSM, systemd, or sendmail.
I think that many of these will instead run the application directly
out of the init process.

Where an "application" might be something like CrossWalk,

No, not a chance. If you're running a web runtime, you're on a much
larger system, and you're going to be less concerned about shaving
kilobytes; you're also going to want many of the kernel facilities for
sandboxing code.

The kinds of applications we're talking about here run entirely in one
binary, serving a few very narrow functions. We're not talking
"automobile IVI system" here; we're talking "two buttons and an output",
or "a few sensors and an SD card".

Linux is an insane choice for such a system. Why would you
even consider it?