From: Andrew Warkentin <andreww591@gmail.com>
To: TUHS main list <tuhs@minnie.tuhs.org>
Subject: Re: [TUHS] Systematic approach to command-line interfaces
Date: Sun, 1 Aug 2021 20:10:46 -0600 [thread overview]
Message-ID: <CAD-qYGrx0D=SU-CWLF9_soUYYogFQFeMFB+xurVGMaqvwr0DkQ@mail.gmail.com> (raw)
In-Reply-To: <YQdEv2nOznGExbK8@mit.edu>
On 8/1/21, Theodore Ts'o <tytso@mit.edu> wrote:
>
> I've seen this argument a number of times, but what's never been clear
> to me is what *would* the "normal APIs" be which would allow a parent
> to set up the child's state? How would that be accomplished? Lots of
> new system calls? Magic files in /proc/<pid>/XXX which get
> manipulated somehow? (How, exactly, does one affect the child's
> memory map via magic read/write calls to /proc/<pid>/XXX.... How
> about environment variables, etc.)
>
My OS will be microkernel-based and even the RPC channel to the VFS
itself will be a file (with some special semantics). read(), write()
and seek() will bypass the VFS entirely and call the kernel to
directly communicate with the destination process. The call to create
an empty process will return a new RPC channel and there will be an
API to temporarily switch to an alternate channel so that VFS calls
occur in the child context instead of the parent.
All process memory, even the heap and stack, will be implemented as
memory-mapped files in a per-process filesystem under /proc/<pid>.
This will be a special "shadowfs" that allows creating files that
shadow ranges of other files (either on disk or in memory).
Environment variables will also be exposed in /proc of course.
>
> And what are the access rights by which a process gets to reach out
> and touch another process's environment? Is it only allowed only for
> child processes? And is it only allowed before the child starts
> running? What if the child process is going to be running a setuid or
> setgid executable?
>
Any process that has permissions to access the RPC channel file and
memory mapping shadow files in /proc/<pid> will be able to manipulate
the state. The RPC channel will cease to function after the child has
been started. setuid and setgid executables will not be supported at
all (there will instead be a role-based access control system layered
on top of a per-process file permission list, which will allow
privilege escalation on exec in certain situations defined by
configuration).
>
> The phrase "all process state will have a file-based interface" sounds
> good on paper, but I think it remains to be seen how well a "echo XXX
>> /proc/<pid>/magic-file" API would actually work. The devil is
> really in the details....
>
Even though everything will use a file-based implementation
underneath, there will be a utility library layered on top of it so
that user code doesn't have to contain lots of
open()-read()/write()-close() boilerplate.
next prev parent reply other threads:[~2021-08-02 2:11 UTC|newest]
Thread overview: 100+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-31 12:25 Michael Siegel
2021-07-31 13:05 ` Dan Halbert
2021-07-31 14:21 ` Adam Thornton
2021-07-31 14:25 ` Adam Thornton
2021-07-31 15:45 ` Richard Salz
2021-07-31 16:03 ` Clem Cole
2021-07-31 16:06 ` Richard Salz
2021-07-31 16:21 ` Clem Cole
2021-07-31 16:17 ` Clem Cole
2021-07-31 16:30 ` Dan Cross
2021-07-31 15:56 ` Paul Winalski
2021-07-31 16:19 ` Dan Cross
2021-08-01 17:44 ` Chet Ramey
2021-08-01 21:53 ` Dan Cross
2021-08-01 23:21 ` Chet Ramey
2021-08-01 23:36 ` John Cowan
2021-08-01 23:49 ` Larry McVoy
2021-08-02 0:28 ` Larry McVoy
2021-08-01 23:58 ` Dan Cross
2021-08-02 0:29 ` Steve Nickolas
2021-08-02 0:13 ` Andrew Warkentin
2021-08-02 0:18 ` John Cowan
2021-08-02 0:54 ` Andrew Warkentin
2021-08-02 1:04 ` Dan Cross
2021-08-02 1:05 ` Theodore Ts'o
2021-08-02 2:10 ` Andrew Warkentin [this message]
2021-08-02 2:32 ` Bakul Shah
2021-08-02 17:33 ` Lars Brinkhoff
2021-09-28 17:46 ` Greg A. Woods
2021-09-28 18:10 ` Larry McVoy
2021-09-29 16:40 ` Greg A. Woods
2021-09-29 16:57 ` Larry McVoy
2021-09-30 17:31 ` Greg A. Woods
2021-09-29 23:10 ` Phil Budne
2021-08-02 17:37 ` Lars Brinkhoff
2021-08-02 18:52 ` Clem Cole
2021-08-02 20:59 ` John Cowan
2021-08-02 21:06 ` Al Kossow
2021-08-02 21:14 ` Clem Cole
2021-08-02 21:13 ` Clem Cole
2021-08-01 16:51 ` Michael Siegel
2021-08-01 17:31 ` Jon Steinhart
2021-07-31 16:41 ` Clem Cole
2021-07-31 17:41 ` John Cowan
2021-07-31 17:30 ` Anthony Martin
2021-07-31 17:46 ` John Cowan
2021-07-31 18:56 ` Michael Siegel
2021-07-31 19:41 ` Clem Cole
2021-07-31 21:30 ` Michael Siegel
2021-08-01 17:48 ` Chet Ramey
2021-08-01 19:23 ` Richard Salz
2021-08-01 23:26 ` Chet Ramey
2021-07-31 19:20 ` [TUHS] Systematic approach to command-line interfaces [ meta issues ] Jon Steinhart
2021-07-31 21:06 ` Richard Salz
2021-07-31 21:32 ` Jon Steinhart
2021-07-31 21:37 ` Richard Salz
2021-07-31 21:55 ` Jon Steinhart
2021-07-31 22:10 ` Warner Losh
2021-07-31 22:19 ` Larry McVoy
2021-07-31 22:20 ` Jon Steinhart
2021-07-31 23:26 ` Warner Losh
2021-07-31 23:41 ` Jon Steinhart
2021-07-31 22:04 ` Bakul Shah
2021-07-31 22:13 ` Larry McVoy
2021-07-31 22:14 ` Bakul Shah
2021-07-31 22:17 ` Bakul Shah
2021-07-31 22:16 ` Jon Steinhart
2021-07-31 22:20 ` Bakul Shah
2021-07-31 16:27 [TUHS] Systematic approach to command-line interfaces Nelson H. F. Beebe
2021-07-31 16:47 Ron Young
2021-08-02 2:34 ` Jim Carpenter
2021-08-02 2:38 ` Ron Young
2021-08-02 2:42 Douglas McIlroy
2021-08-02 14:58 ` Theodore Ts'o
2021-08-02 18:15 ` Adam Thornton
2021-08-02 18:24 ` Warner Losh
2021-08-02 20:55 ` John Cowan
2021-08-02 21:06 ` Jon Steinhart
2021-08-02 21:25 ` Dan Cross
2021-08-02 21:59 ` Jon Steinhart
2021-08-02 22:33 ` John Cowan
2021-08-03 0:21 ` Bakul Shah
2021-08-03 1:49 ` Jon Steinhart
2021-08-03 3:21 ` Adam Thornton
2021-08-03 3:27 ` Bakul Shah
2021-08-03 3:51 ` Jon Steinhart
2021-08-03 7:19 ` arnold
2021-08-03 23:12 ` Andrew Warkentin
2021-08-04 15:04 ` Paul Winalski
2021-08-03 15:01 Douglas McIlroy
2021-08-03 17:13 ` Tom Lyon via TUHS
2021-08-11 18:11 ` Tom Ivar Helbekkmo via TUHS
2021-08-11 21:24 ` Tom Lyon via TUHS
2021-08-03 19:12 Douglas McIlroy
2021-09-28 18:15 Noel Chiappa
2021-09-29 18:07 Noel Chiappa
2021-09-29 19:04 ` Dan Cross
2021-09-29 19:12 ` Larry McVoy
2021-09-30 11:41 Douglas McIlroy
2021-10-01 12:11 Paul Ruizendaal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAD-qYGrx0D=SU-CWLF9_soUYYogFQFeMFB+xurVGMaqvwr0DkQ@mail.gmail.com' \
--to=andreww591@gmail.com \
--cc=tuhs@minnie.tuhs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).