Sandbox Loader

// file: lib/libcheri/libcheri_sandbox_loader.c

sandbox class load

int sandbox_class_load(struct sandbox_class *sbcp)

This sets up the code capability for a new sandbox class (a CHERI todo in the source is to set up the code and data capabilities differently). Steps include:

  • parse the provided classes and required methods from the ELF binary.
  • set bounds and mask permissions on the code capability; set the offsets of the rtld and invoke vectors.

sandbox object load

int sandbox_object_load(struct sandbox_class *sbcp, struct sandbox_object *sbop)

This creates an initial reservation of space for the sandbox using anonymous memory that is neither readable nor writable. This ensures there is space for all the various segments installed later. Steps include:

  • create a new CHERI system object for use with a specific sandbox object.

The rough memory map is as follows:

// file: lib/libcheri/libcheri_sandbox_loader.c

   /*
    * J + 0x1000 [internal (non-shareable) heap]
    * J          [guard page]
    *  +0x600      Reserved vector
    *  +0x400      Reserved vector
    *  +0x200      Object-capability invocation vector
    *  +0x0        Run-time linker vector
    * 0x8000     [memory mapped binary]
    * 0x2000     [guard page]
    * 0x1000     [read-only sandbox metadata page]
    * 0x0000     [guard page]
    *
    */
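The two ideas in this note, reserving the whole sandbox region as anonymous memory that is neither readable nor writable and then installing segments into it according to the memory map, can be tried outside CHERI with ordinary mmap/mprotect. The following is an added illustration written for this note, not libcheri code: the offsets (0x1000 metadata, 0x2000 guard, 0x8000 binary, vectors at +0x0 and +0x200, heap at J+0x1000) come from the comment above, but the structure and function names, the choice of J as "one page after the page-rounded binary", and the probe that forks a child to see whether a guard page faults are all assumptions made here.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Offsets taken from the libcheri memory-map comment above. Everything
 * else here (names, how segments are installed, where J lands) is an
 * illustration written for this note, not libcheri code. */
#define SB_PAGE          0x1000UL
#define SB_METADATA_OFF  0x1000UL   /* read-only sandbox metadata page */
#define SB_GUARD1_OFF    0x2000UL   /* guard page */
#define SB_BINARY_OFF    0x8000UL   /* memory-mapped binary; vectors at its start */
#define SB_VEC_RTLD      0x000UL    /* run-time linker vector */
#define SB_VEC_INVOKE    0x200UL    /* object-capability invocation vector */
#define SB_HEAP_FROM_J   0x1000UL   /* internal heap sits one guard page past J */

struct sb_layout {
    size_t binary_len;  /* page-rounded length of the binary */
    size_t heap_len;    /* page-rounded length of the internal heap */
    size_t j;           /* offset of the guard page that follows the binary */
    size_t total;       /* size of the whole reservation */
};

static size_t page_round(size_t n) {
    return (n + SB_PAGE - 1) & ~(SB_PAGE - 1);
}

/* Derive J and the reservation size from the binary and heap sizes
 * (assumption: J is the first page after the page-rounded binary). */
int sb_layout_compute(size_t binary_len, size_t heap_len, struct sb_layout *l) {
    if (l == NULL || binary_len == 0 || heap_len == 0)
        return -1;
    l->binary_len = page_round(binary_len);
    l->heap_len = page_round(heap_len);
    l->j = SB_BINARY_OFF + l->binary_len;
    l->total = l->j + SB_HEAP_FROM_J + l->heap_len;
    return 0;
}

/* Reserve the whole region as anonymous PROT_NONE memory so nothing else
 * can be mapped inside it, then install segments by changing protection on
 * sub-ranges. Ranges never touched (0x0, 0x2000, J) stay guard pages. */
void *sb_reserve_and_install(const struct sb_layout *l) {
    void *base = mmap(NULL, l->total, PROT_NONE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return NULL;
    char *b = base;

    /* Metadata page: fill it while writable, then drop to read-only. */
    if (mprotect(b + SB_METADATA_OFF, SB_PAGE, PROT_READ | PROT_WRITE) != 0)
        goto fail;
    memcpy(b + SB_METADATA_OFF, "sandbox-metadata", 17);   /* constructed content */
    if (mprotect(b + SB_METADATA_OFF, SB_PAGE, PROT_READ) != 0)
        goto fail;

    /* Binary: libcheri maps the ELF image here; this stand-in just marks
     * the rtld and invocation vector slots so their offsets are visible. */
    if (mprotect(b + SB_BINARY_OFF, l->binary_len, PROT_READ | PROT_WRITE) != 0)
        goto fail;
    memset(b + SB_BINARY_OFF + SB_VEC_RTLD, 0xAA, 16);
    memset(b + SB_BINARY_OFF + SB_VEC_INVOKE, 0xBB, 16);

    /* Internal heap at J + 0x1000; the page at J is left PROT_NONE. */
    if (mprotect(b + l->j + SB_HEAP_FROM_J, l->heap_len, PROT_READ | PROT_WRITE) != 0)
        goto fail;
    return base;
fail:
    munmap(base, l->total);
    return NULL;
}

/* Read one byte at p in a child process so the parent survives a fault.
 * Returns 1 if the child died by signal (a guard page), 0 if the read
 * succeeded, -1 if fork/waitpid failed. */
int sb_probe_faults(const volatile char *p) {
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        volatile char c = *p;
        (void)c;
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) ? 1 : 0;
}

int main(void) {
    struct sb_layout l;
    if (sb_layout_compute(0x2800, 0x4000, &l) != 0)
        return 1;
    char *b = sb_reserve_and_install(&l);
    if (b == NULL)
        return 1;
    printf("J = 0x%zx, reservation = 0x%zx bytes\n", l.j, l.total);
    printf("guard@0x0 faults: %d, metadata readable: %d, guard@J faults: %d, heap readable: %d\n",
           sb_probe_faults(b), !sb_probe_faults(b + SB_METADATA_OFF),
           sb_probe_faults(b + l.j), !sb_probe_faults(b + l.j + SB_HEAP_FROM_J));
    munmap(b, l.total);
    return 0;
}
```

The point of the PROT_NONE reservation is that every byte the loader does not explicitly install remains a fault: a stray pointer one past the binary lands on the page at J rather than on whatever the allocator happened to map next, and the metadata page cannot be modified from inside the sandbox once it has been dropped to read-only.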
Created Jul 17, 2019 // Last Updated May 18, 2021
