Re: [seL4] Question on endpoint cap write permission

Yes, and this makes sense if you think about it. If you want to guarantee that Alice is confined (i.e. cannot leak information sent to her) then you need to ensure that she has no send rights. Which you cannot if she was able to receive a cap with send rights. Gernot

On 11 Jul 2017, at 19:34, Jimmy Brush wrote:

Hello,

in the 6.0 manual section 3.1.4 the table shows that Write permission on an endpoint cap permits sending to the endpoint.

however, in section 4.2.2 it says without the Write permission on the RECEIVING endpoint cap, any cap sent over IPC gets diminished.

Am I missing something? It seems the Write permission is overloaded to mean two different things.

This would seem to imply that to receive an undiminished capability via IPC you must have both send and receive permission to the endpoint you are receiving against.

Which would mean if you wanted to limit someone to only receiving and never sending against an endpoint by giving them an endpoint cap with only Read permission, they would necessarily also NEVER be able to receive an undiminished capability.

Thanks, JB

_______________________________________________ Devel mailing list Devel@sel4.systems https://sel4.systems/lists/listinfo/devel