Capability-Based Security for Redox: Namespace and CWD as Capabilities

als0 · 2026-03-27T22:07:38 1774649258

Good work. I'm happy to see this for Redox. There are numerous implementations of capabilities now, and they confirm that the concept really does simplify access control and sandboxing.

ambicapter · 2026-03-28T00:47:45 1774658865

Could I get some examples? I'm interested in learning more.

wmf · 2026-03-28T03:11:17 1774667477

https://www.cl.cam.ac.uk/research/security/capsicum/

als0 · 2026-03-28T10:10:25 1774692625

Implementations include seL4, Barrelfish, Google Fuchsia OS, Capsicum, and a slew of research systems too long to list. It's also worth checking out tangential things like the E programming language and Google's old Caja project.

davexunit · 2026-03-28T01:30:47 1774661447

http://habitatchronicles.com/2017/05/what-are-capabilities/

https://files.spritely.institute/papers/spritely-core.html

Icathian · 2026-03-28T03:56:13 1774670173

Cloudflare's developer platform uses them. That's what their "bindings" are.

tuananh · 2026-03-28T08:35:49 1774686949

there's also capsudo by kaniini

https://github.com/kaniini/capsudo