On 1 Aug 2021, at 09:25, Andrew Warkentin <andreww591@gmail.com> wrote:
> Wouldn't there be a risk that a Linux system call would present an
> argument that happens to look like a capability and not get
> intercepted if system calls were implemented by just catching the
> existing invalid-syscall exceptions?
I believe (but am not definite, things change over time) that seL4 syscall numbers don’t overlap Linux syscall numbers, which would preclude that totally. But even if not, the chances of parameters to a Linux syscall magically matching arguments of a valid seL4 syscall are pretty remote. This is not a security issue, of course; all that app can do is mess with itself.
Gernot