My understanding is that to seal a capability I require a sealer cap which has an address that fits into the object ID of the capability to be sealed, i.e. its address is < 64KBytes.
How to obtain a suitable capability on Linux purecap? Is there a new system call available to get one?
I am temporarily using DDC, and this works, e.g. something like this:
void* __capability sealed_cap = cheri_seal(ptr_to_seal, (uint8_t*)cheri_ddc_get() + (ptrdiff_t)0x1234);
But obviously I need a proper sealing capability; mmap() / malloc() are likely to give something with a lower bound too high. I suppose I could reduce the bounds of DDC but this sounds like a hack.
Please advise how it is supposed to be done!
Thanks
Brilliant, exactly what I needed to know - thanks Kevin.