Re: Domain X
Huhu!
> > If you silently accept to force these users to buy the newest MultiTOS in
> > order to be able to do something serious, you can also say: Go and get the
> > newest hardware, otherwise you won't be able to do something serious at all.
>
> I don't understand. MultiTOS or the ROM GEM can run. GEM programs run
> in MiNT or TOS domain (providing you are the super-user or are at the local
> console, depending on how you want to protect things). I'm NOT saying people
> should buy MultiTOS as Domain X shouldn't allow GEM programs anyway.
Ahhh. I've initially thought you wanted to make GEM secure. What remains, is
the problem that once I want to give a user the right to start GEM, I
therefore must grant him the right to switch back to DOM_MINT, and therefore
must *really* trust him.
Yet worse is that GEM/ROM doesn't work very well with memory protection and
thus I would have to switch this off when wanting to allow GEM access, which
is obviously a bad idea, since you can't do *that* per-process. That's the
point where I was thinking buying MultiTOS would be the only solution.
For me, it's easy: No GEM allowed at all. Others may disagree... :-)
> Protecting access to XBIOS/BIOS/AES/VDI traps could be done by pointing
> these traps into an internal MiNT routine when a program is run. The first
> call the program makes goes into MiNT. If MiNT decides this program can
> make the call legally, it simply assigns the pointer of the real trap
> routines into that applications handler and falls through it. (...)
In my eyes, the story is yet more simple: Since DOM_X programs are per
definition not allowed to use BIOS/XBIOS/AES/VDI, just make these vectors
point to a kill routine. Checks must only be done if a program wants to
switch back to != DOM_X. Once a program is running under an old domain, trap
vectors are inherited by all children until it switches to DOM_X, in which
case they're forced back to the kill routine.
This should make the checks both easier and shorter. :-)
> I've thought about this as well. And I'm curious what everyone else thinks
> about leaving this Unix-like domain to the 030s only. Personally, I'd rather
> not since I don't have an 030, but then again, I'm not the person that would
> benefit much from the Unix domain anyway!!
The problem is clear. It's just that under a pure 68000 it isn't what it's
meant to be and what it promises... :-(
Any ideas or votes?
ciao,
TeSche
--
Torsten Scherer (Schiller, TeSche...)
Faculty of Technology, University of Bielefeld, Germany, Europe, Earth...
| Use any of "finger itschere@129.70.131 |
| Last updated: 14. April 1994 |
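
The kill-vector scheme from the message above, modelled as a small user-space C simulation. This is an added example, not code from the thread or from MiNT: the domain names follow the thread, while the structs, function names and the `trusted` flag (standing in for "super-user or at the local console") are assumptions.

```c
/* Simulation only: per-process trap vectors under the proposed DOM_X rules. */
enum domain { DOM_TOS, DOM_MINT, DOM_X };
enum trap { TRAP_BIOS, TRAP_XBIOS, TRAP_AES, TRAP_VDI, TRAP_COUNT };

struct proc;
typedef int (*trap_fn)(struct proc *);

struct proc {
    enum domain dom;
    int trusted;              /* assumption: super-user or local console */
    int killed;
    trap_fn vec[TRAP_COUNT];  /* per-process BIOS/XBIOS/AES/VDI vectors */
};

static int real_trap(struct proc *p) { (void)p; return 0; }         /* call serviced */
static int kill_trap(struct proc *p) { p->killed = 1; return -1; }  /* caller terminated */

static void set_vectors(struct proc *p, trap_fn fn) {
    for (int i = 0; i < TRAP_COUNT; i++) p->vec[i] = fn;
}

struct proc new_proc(enum domain d, int trusted) {
    struct proc p = { .dom = d, .trusted = trusted, .killed = 0 };
    set_vectors(&p, d == DOM_X ? kill_trap : real_trap);
    return p;
}

/* The only policy check is made when a process asks to leave DOM_X. */
int switch_domain(struct proc *p, enum domain to) {
    if (to == DOM_X) { p->dom = DOM_X; set_vectors(p, kill_trap); return 0; }
    if (p->dom == DOM_X && !p->trusted) return -1;  /* refused, stays in DOM_X */
    p->dom = to;
    set_vectors(p, real_trap);
    return 0;
}

/* Children inherit the parent's domain and vectors unchanged. */
struct proc spawn(const struct proc *parent) {
    struct proc child = *parent;
    child.killed = 0;
    return child;
}

/* No per-call permission check: the installed vector decides the outcome. */
int do_trap(struct proc *p, enum trap t) {
    return p->killed ? -1 : p->vec[t](p);
}
```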