alt Hacker NewsYeah, would love to see the CPU vendors invent some primitives to let user code pull those kinds of privilege isolation tricks within a single process and address space.
Something like: “From now on, code on these pages can only access data on these pages, and only return to/call into other code through these gates…”
Replies
I've had some ideas about avoiding format validation in IPC receivers if the data is encoded by trusted code, which is also the only code that has rights to send the IPC data / to connect to the receiver. I can't really think of an important problem that it would solve, though. DBus always validates received data, but it's not really meant or very suitable for large amounts of data anyway.
Thread based seems like it at least should be possible.
That would be pretty cool. Something like the Win32 function GetWriteWatch, but implemented in hardware instead of the page fault handler (I assume).
https://learn.microsoft.com/en-us/windows/win32/api/memoryap...
Or some sort of special write barrier store op-code, idk.