Windows NT with capability-based security model?

Discussion in 'all things UNIX' started by Gullible Jones, Sep 4, 2014.

  1. Gullible Jones

    Gullible Jones Registered Member

    May 16, 2013
    Just something I noticed from here:

    Now look at CreateProcess on WinNT, and what it generates as an output argument:

    Windows already uses a struct for process info. In fact it uses structs for almost everything in kernel space, from what (relatively little) I've read about it.

    So, what sort of internal changes would be necessary to implement Capsicum style sandboxing on Windows? It seems like it could maybe be done more transparently than on UNIX, without necessarily requiring application support, no?