[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [MiNT] Security again



> -----Original Message-----
> From: Konrad M. Kokoszkiewicz [mailto:draco@obta.uw.edu.pl]
> Sent: Wednesday, November 10, 1999 4:00 PM
> To: Jo-Even.Skarstein@gjensidige.no
> Cc: mint@fishpool.com
> Subject: RE: [MiNT] Security again
> 
> Hum, I wonder (just wonder, nothing else) what TSRs are still 
> in use in
> MiNT systems, perhaps apart of NVDI, a mouse accelerator and a patch
> programs for TOS (like FLOPFIX or something).

On my Falcon I have things like ffsel (Freedom), Nova-VDI, Clocky, BetaDOS
and HS-Modem.

> Hum what about this:
> 
> - a program can freely read/write the global cookie jar, if it has
>   F_OS_SPECIAL bit set
> - other programs have own copies of cookie jar, which can be 
> read/written 
>   freely, despite the fact that writing of course has no effect
> - and the TSR programs are in readable or super mem
> - and the global cookie jar is kernel private
> 
> This would be the way to fix the security hole we have, but 
> the question
> is, what new problems will emerge then :-) In other words, does this
> proposal make any sense. 

This looks like a solution, but I'm not sure if there is a problem in the
first place ;-) The biggest problem with this is probably to not allow
write-access to "TSR-space", since many TSRs are configured this way.

Jo Even Skarstein