Linked by Thom Holwerda on Fri 22nd Feb 2008 09:16 UTC, submitted by obsethryl
.NET (dotGNU too) "Previously, we have presented one of the two open-source licensed projects related to creating a C# kernel. Now it's time to complete the set by rightfully presenting SharpOS, an effort to build a GPL version 3 + runtime exception licensed system, around a C# kernel of their own design. It is my pleasure and privilege to host a set of questions and answers from four active developers of SharpOS, that is William Lahti, Bruce Markham, Mircea-Cristian Racasan and Sander van Rossen in order to get some insight into what they are doing with SharpOS, their goals, their different design and inspiration."
Thread beginning with comment 302010
RE[3]: advantages
by tuttle on Fri 22nd Feb 2008 16:36 UTC in reply to "RE[2]: advantages"
tuttle Member since:
2006-03-01

Using a Managed Language, you can verify your assemblies and essentially guarantee they will never spill over into another process.

Additionally, if that's not enough (At least in Singularity) you can selectively isolate the processes in Hardware as well.


That is one thing I dislike about singularity. A great part of the attraction of an OS using software isolated processes is its simplicity. The only security-critical part of such an OS is the MSIL->native JIT/AOT compiler.

If you provide an additional mode of process isolation, a large part of that simplicity goes out of the window. But Microsoft never got the whole KISS approach anyway. Just look at the bloat in the C# language specification.

Reply Parent Score: 2
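
The load-time verification the two comments above lean on (check the assemblies first, then let the JIT/AOT compiler be the one security-critical component) as an added toy example in Python. This is not SharpOS, Singularity or .NET code; the MSIL-like opcode set, the two-type verifier, the interpreter and the sample programs are all constructed for the illustration.

```python
# Toy model of software-isolated processes (constructed example, not
# SharpOS/Singularity/.NET code).  An MSIL-like stack bytecode is
# type-checked ("verified") before it may run; the runtime then inserts
# bounds checks on the memory operations the verifier accepted.

INT, REF = "int", "ref"          # the only two types the verifier tracks

# Stack effect per verifiable opcode, bottom-to-top: (popped, pushed).
# A raw-address load ("ldind") is deliberately absent: nothing in the
# bytecode proves the address lies inside this process's heap.
VERIFIABLE = {
    "ldc":    ([],              [INT]),   # push integer literal
    "add":    ([INT, INT],      [INT]),
    "newarr": ([INT],           [REF]),   # pop length, push array ref
    "ldelem": ([REF, INT],      [INT]),   # pop ref, index; push element
    "stelem": ([REF, INT, INT], []),      # pop ref, index, value
    "dup":    None,                       # special-cased: copies the top
    "ret":    ([],              []),
}


class VerificationError(Exception):
    """Code rejected at load time; it never executes."""


class IsolationViolation(Exception):
    """A runtime check fired; the process dies, no foreign memory was touched."""


def verify(program):
    """Abstract interpretation over types only.  Rejects unknown opcodes,
    stack underflow and type mismatches (e.g. arithmetic on a reference,
    which would let code forge pointers).  Returns the maximum stack depth,
    which a JIT would use to size the frame."""
    stack, max_depth = [], 0
    for pc, (op, *_) in enumerate(program):
        if op not in VERIFIABLE:
            raise VerificationError(f"pc={pc}: unverifiable opcode {op!r}")
        if op == "dup":
            if not stack:
                raise VerificationError(f"pc={pc}: dup on empty stack")
            stack.append(stack[-1])
        else:
            pops, pushes = VERIFIABLE[op]
            if len(stack) < len(pops):
                raise VerificationError(f"pc={pc}: stack underflow at {op}")
            top = stack[len(stack) - len(pops):]
            if top != pops:
                raise VerificationError(f"pc={pc}: {op} expects {pops}, stack holds {top}")
            del stack[len(stack) - len(pops):]
            stack.extend(pushes)
        max_depth = max(max_depth, len(stack))
    if not program or program[-1][0] != "ret":
        raise VerificationError("program must end in ret")
    return max_depth


def run(program):
    """Execute a program, refusing anything verify() rejects.  The heap is a
    dict of array id -> list, so a reference can only name an array this
    process allocated; ldelem/stelem carry the bounds check a managed JIT
    would emit."""
    verify(program)                      # never execute unverified code
    stack, heap = [], {}

    def checked(ref, i):
        arr = heap[ref]
        if not 0 <= i < len(arr):
            raise IsolationViolation(f"index {i} out of range for length {len(arr)}")
        return arr

    for op, *args in program:
        if op == "ldc":
            stack.append(args[0])
        elif op == "dup":
            stack.append(stack[-1])
        elif op == "add":
            b, a = stack.pop(), stack.pop()
            stack.append(a + b)
        elif op == "newarr":
            n = stack.pop()
            if n < 0:
                raise IsolationViolation(f"negative array length {n}")
            heap[len(heap)] = [0] * n
            stack.append(len(heap) - 1)
        elif op == "ldelem":
            i, ref = stack.pop(), stack.pop()
            stack.append(checked(ref, i)[i])
        elif op == "stelem":
            v, i, ref = stack.pop(), stack.pop(), stack.pop()
            checked(ref, i)[i] = v
        elif op == "ret":
            return stack[-1] if stack else None
    return None


def outcome(program):
    """('ok', value), ('rejected', msg) or ('trapped', msg): the three fates."""
    try:
        return ("ok", run(program))
    except VerificationError as e:
        return ("rejected", str(e))
    except IsolationViolation as e:
        return ("trapped", str(e))


# Constructed sample programs: tuples of (opcode, operand...).
SAFE = [("ldc", 4), ("newarr",), ("dup",), ("ldc", 1), ("ldc", 7),
        ("stelem",), ("ldc", 1), ("ldelem",), ("ret",)]        # a[1] = 7; return a[1]
OUT_OF_BOUNDS = [("ldc", 4), ("newarr",), ("ldc", 9), ("ldelem",), ("ret",)]
RAW_POINTER = [("ldc", 0x1000), ("ldind",), ("ret",)]           # read any address
REF_TO_INT = [("ldc", 4), ("newarr",), ("ldc", 1), ("add",), ("ret",)]  # ref + 1

if __name__ == "__main__":
    for name in ("SAFE", "OUT_OF_BOUNDS", "RAW_POINTER", "REF_TO_INT"):
        print(f"{name:14} -> {outcome(globals()[name])}")
```

Running it prints one line per program: SAFE returns 7, OUT_OF_BOUNDS passes verification but traps on the runtime bounds check, and RAW_POINTER and REF_TO_INT never execute at all. The two rejected cases are what a verifier must catch statically; the trapped case shows that the code generator emitting the checks is as much part of the trusted base as the verifier, so a bug in either is exactly the "humans make mistakes" failure the rest of the thread argues about.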

RE[4]: advantages
by Nelson on Fri 22nd Feb 2008 17:05 in reply to "RE[3]: advantages"
Nelson Member since:
2005-11-29

Well, it's there to take into account that humans make mistakes and therefore the Software Isolation could be compromised in theory.

Not that it's at all likely, but even for things that don't conform to the philosophies of managed code (Sandboxing Native code using a VM for example), this is a very good compromise.

That way you can run "Trusted" applications using only a SIP, and untrusted or native applications using a SIP with additional hardware protection.

I think it would work if used sparingly, but that remains to be seen.

Reply Parent Score: 3

RE[5]: advantages
by tuttle on Fri 22nd Feb 2008 18:05 in reply to "RE[4]: advantages"
tuttle Member since:
2006-03-01

Well, it's there to take into account that humans make mistakes and therefore the Software Isolation could be compromised in theory.


Correct. But hardware isolation can also be compromised in theory. Sometimes there is a bug in a CPU that lets a user level process gain access to privileged instructions. An operating system using pure software isolated processes would not be affected by such CPU bugs.

Not that it's at all likely, but even for things that don't conform to the philosophies of managed code (Sandboxing Native code using a VM for example), this is a very good compromise.


I agree that for practical usability there needs to be some way to run traditional hardware isolated processes. But that should be done in some kind of compatibility layer to avoid bloating the core OS.

Maybe run the new OS and the old processes side by side using some kind of supervisor. But do not compromise the design of the new OS for backward compatibility!

That way you can run "Trusted" applications using only a SIP, and untrusted or native applications using a SIP with additional hardware protection.

I think it would work if used sparingly, but that remains to be seen.


If it is used sparingly, there is no need to compromise the core OS. Running a legacy OS side by side to the new SIP OS under some kind of supervisor would have some overhead when communicating between new and old processes, but I would gladly accept that penalty for a clean and minimalistic design.

Reply Parent Score: 1

Too simple == useless
by renox on Fri 22nd Feb 2008 20:29 in reply to "RE[3]: advantages"
renox Member since:
2005-07-06

Except that in this case, without being able to also use HW protection you must dump all existing SW written in 'unsafe' languages, which makes your OS quite useless.

So I think that it's nice to have both possibilities.

Reply Parent Score: 2