Windows NT with capability-based security model?

Discussion in 'all things UNIX' started by Gullible Jones, Sep 4, 2014.

  1. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    Just something I noticed from here:

    https://github.com/google/capsicum-linux

    Now look at CreateProcess on WinNT, and what it generates as an output argument:

    http://msdn.microsoft.com/en-us/library/windows/desktop/ms682425(v=vs.85).aspx
    http://msdn.microsoft.com/en-us/library/windows/desktop/ms684873(v=vs.85).aspx

    Windows already uses a struct for process info. In fact it uses structs for almost everything in kernel space, from what (relatively little) I've read about it.

    So, what sort of internal changes would be necessary to implement Capsicum style sandboxing on Windows? It seems like it could maybe be done more transparently than on UNIX, without necessarily requiring application support, no?
     
Loading...