My understanding is that to seal a capability I require a sealer cap which has an address that fits into the object ID of the capability to be sealed, i.e. its address is < 64KBytes.
How to obtain a suitable capability on Linux purecap? Is there a new system call available to get one?
I am temporarily using DDC, and this works, e.g. something like this:
void* __capability sealed_cap = cheri_seal(ptr_to_seal, (uint8_t*)cheri_ddc_get() + (ptrdiff_t)0x1234);
But obviously I need a proper sealing capability, mmap() / malloc() are likely to give something with a lower bound too high. I suppose I could reduce the bounds of DDC but this sounds like a hack.
Please advise how it is supposed to be done!
Thanks
Hi Pete,
It indeed works using DDC currently but please don't rely on it - we will be zeroing DDC in due course, as specified in the pure-capability kernel-user ABI (PCuABI) specification. The new mechanism to obtain the root sealing capability is the AT_CHERI_SEAL_CAP entry in the auxiliary vector. To get it, use getauxptr(AT_CHERI_SEAL_CAP). You should then derive a sealer capability with an appropriate address and bounds (ideally as narrow as possible).
Cheers,
Kevin
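The derivation Kevin describes, written out as an added example (not code from the thread or from the PCuABI project): fetch the root sealer from AT_CHERI_SEAL_CAP with getauxptr(), narrow it to a single object type at the requested address, and drop every permission except Seal before using it. It assumes a 15-bit object-type field with otypes 0-3 reserved (as on Morello) and that getauxptr is declared in <sys/auxv.h>; the range check is kept portable so it also builds and runs on a non-CHERI host, where the capability code is compiled out.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#if defined(__CHERI_PURE_CAPABILITY__)
#include <sys/auxv.h>
#include <cheriintrin.h>
#endif

/* Assumptions (not stated in the thread): the object-type field is 15 bits
 * wide and otypes 0-3 are architecturally reserved, so user otypes are
 * 4..32767.  Adjust OTYPE_MAX for targets with a wider otype field. */
#define OTYPE_MIN 4u
#define OTYPE_MAX 32767u

/* Portable policy check: can a sealer for `otype` be derived from a root
 * sealer whose bounds are [root_base, root_base + root_len)?  The sealer's
 * address becomes the otype it confers, so the otype must lie inside the
 * root's bounds as well as inside the usable otype range. */
bool otype_in_sealer(uint64_t root_base, uint64_t root_len, uint64_t otype)
{
    if (otype < OTYPE_MIN || otype > OTYPE_MAX)
        return false;
    return otype >= root_base && otype - root_base < root_len;
}

#if defined(__CHERI_PURE_CAPABILITY__)
/* Derive a seal-only capability for `otype` from the auxv root sealer:
 * address = otype, bounds = exactly one otype, permissions = Seal only. */
void *__capability make_sealer(uint64_t otype)
{
    void *__capability root = getauxptr(AT_CHERI_SEAL_CAP);
    if (!cheri_tag_get(root) ||
        !otype_in_sealer(cheri_base_get(root), cheri_length_get(root), otype))
        return NULL;
    void *__capability s = cheri_bounds_set(cheri_address_set(root, otype), 1);
    return cheri_perms_and(s, CHERI_PERM_SEAL); /* no Unseal, no load/store */
}

int main(void)
{
    int secret = 42;
    void *__capability sealer = make_sealer(0x1234); /* otype from the question */
    if (!sealer) { fputs("otype not covered by root sealer\n", stderr); return 1; }
    int *__capability sealed = cheri_seal(&secret, sealer);
    printf("sealed=%d otype=%ld\n", (int)cheri_is_sealed(sealed),
           (long)cheri_type_get(sealed));
    return 0;
}
#endif
```

Unsealing later needs a separate capability derived the same way but masked with CHERI_PERM_UNSEAL, so hand the Seal-only and Unseal-only derivatives to different components.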
Brilliant, exactly what I needed to know - thanks Kevin.