
Re: Security stuff



> GEM writes to memory on request from the caller (intout, ptsout,
> addrout). The address of this memory is user defined, and GEM does not
> check it in any way.  Thus you can use GEM to write to arbitrary
> memory regions.  The only way to make this safe is to disallow GEM
> altogether.

You could wrap the GEM/VDI and check the parameters just before the real
GEM/VDI call. GEM/VDI should be run as the same process which called
them in order to write over its memory.

I don't really see why GEM/VDI must be run in supervisor mode... just a
few wrappers in the applications<->GEM/VDI interface and small
modifications between GEM/VDI<->Bios/hardware link...

My objective would be: Brain-damaged programs must NOT crash the entire
system, NEVER!

-- 
Jesus Cea Avion                         _/_/      _/_/_/        _/_/_/
jcea@argo.es http://www.argo.es/~jcea/ _/_/    _/_/  _/_/    _/_/  _/_/
                                      _/_/    _/_/          _/_/_/_/_/
PGP Key Available at KeyServ   _/_/  _/_/    _/_/          _/_/  _/_/
"Things are not so easy"      _/_/  _/_/    _/_/  _/_/    _/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/        _/_/_/      _/_/  _/_/
"Love is putting your happiness in the happiness of another" - Leibnitz
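The wrapper proposed in the reply above, as an added example that is not code from this thread or from any GEM/VDI implementation: a C shim that checks every output buffer a GEM/VDI request names against the calling process's memory region before the real, unchecked entry point is invoked. The mem_region and gem_out_params layouts, the fake_gem stub and the demo buffers are assumptions constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical descriptor of the calling process's writable memory. */
typedef struct { uintptr_t base; size_t len; } mem_region;

/* Hypothetical output buffers of one GEM/VDI request (lengths in bytes). */
typedef struct {
    void *intout;  size_t intout_len;
    void *ptsout;  size_t ptsout_len;
    void *addrout; size_t addrout_len;
} gem_out_params;
typedef void (*gem_entry)(gem_out_params *);  /* the real, unchecked entry point */

/* True if [p, p+n) lies entirely inside r; written so the arithmetic cannot wrap. */
static bool buf_in_region(const mem_region *r, const void *p, size_t n)
{
    uintptr_t off;
    if (n == 0) return true;                    /* nothing will be written */
    if ((uintptr_t)p < r->base) return false;   /* starts below the region */
    off = (uintptr_t)p - r->base;
    if (off > r->len) return false;             /* starts past its end */
    return n <= r->len - off;                   /* must not run past its end */
}

/* The wrapper: reject any output pointer outside the caller instead of forwarding it. */
int checked_gem_call(const mem_region *caller, gem_out_params *p, gem_entry real)
{
    if (!buf_in_region(caller, p->intout,  p->intout_len))  return -1;
    if (!buf_in_region(caller, p->ptsout,  p->ptsout_len))  return -2;
    if (!buf_in_region(caller, p->addrout, p->addrout_len)) return -3;
    real(p);
    return 0;
}

/* Constructed stand-ins: the caller's memory, and memory that is not the caller's. */
static unsigned char caller_mem[64], other_mem[64];
static void fake_gem(gem_out_params *p) { memset(p->intout, 0x41, p->intout_len); }

/* Three requests: 0 = all inside the caller, 1 = intout outside it, 2 = ptsout overflows. */
int demo(int which)
{
    mem_region r = { (uintptr_t)caller_mem, sizeof caller_mem };
    gem_out_params p = { caller_mem, 8, caller_mem + 8, 8, caller_mem + 16, 4 };
    if (which == 1) p.intout = other_mem;
    if (which == 2) p.ptsout_len = SIZE_MAX;
    return checked_gem_call(&r, &p, fake_gem);
}
```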