
Re: [hackers-il] Re: More SchemeOS Brain Dumps

  • Moshe Zadka
    Message 1 of 7 , May 23, 2000
      On Tue, 23 May 2000, Gaal Yahas wrote:

      > Sounds like you're getting non-preemptive multitasking here. How does
      > the scheduler jump to a different procedure when the current one's
      > time is up?

      Well, since it's a user-level process, it's not for the kernel to know,
      but it simply calls a stored continuation.

      > What is your handle on a context anyway, if not a process?

      A continuation. A CONTINUATION. I've said it about 50 times in my last
      post. For a good introduction on continuations, consult any advanced
      scheme book.

      > In what sense can you then say that p is not "really" a process?

      In the sense that it does not have a separate address space.

      > > That gives us primitives to implement both "processes" and "threads"
      > > inside Scheme, and because scheme is "safe" (as opposed to C), it is
      > > possible to do so without ugly race conditions.
      >
      > Is it? What if I'm touching one global in two different procedures?

      You'll have a bug. But the system will not crash. Mutexes will be simply
      (set-timer #f). Of course, you might send-box set-timer away and have
      a higher level mutex creation mechanism. But that's, again, a library
      issue.

      > I am certainly yet to understand everything you're planning to do,
      > but it seems to me that problems of security (I'll leave IPC aside)
      > still exist by another name. Who does decisions about a "process"'s
      > privileges?

      Whoever called the procedure. Don't think "processes", think "thunks".

      > Can a procedure that started with permissions to one
      > set of symbols gain the right to access a different set? How? I
      > imagine you have an idea of some protocol by which a called proc
      > may talk with its caller and ask for these privileges: sure, but how
      > is this essentially different from putting security in a kernel?

      Loads of ways: e.g., you can replace the security model without rebooting.
      I'm trying to write a good kernel which can be used reliably for a
      number of things.
      For one thing, sand-boxing procedures will allow me to have a good way to
      deal with ILOVEYOU.
      --
      Moshe Zadka <moshez@...>
      http://www.oreilly.com/news/prescod_0300.html
      http://www.linux.org.il -- we put the penguin in .com