Re: [MiNT] Security again
> > That obviously isn't true, since the kernel would have complete control over
> > what programs were allowed to use this feature. Just as certain programs
> > are allowed to use restricted operations of Ssystem(), which could also be
> > used to override the system.
>
> That's just a fake control. If you can override any trap you can override
> the complete system, Ssystem() too.
Yes, but as I said, you wouldn't give this ability to just any program.
If you want, make it restricted to 'formerly before MiNT, AUTO-folder'
programs and you have exactly the same as right now, only with some degree
of kernel control and much better system call efficiency.
> As I said, anything that is started after MiNT is an application for MiNT.
Yes, but you seemed to think that I meant application when I said program.
I never intended this to be used by an application, except possibly in the
cases where it _currently_ would step into supervisor mode or otherwise
change vectors on its own (Setexec()?).
_Some_ system control is surely better than _no_ control?
> > In my view, the kernel should have as complete control over the environment
> > as possible. That means that it should know about these things, if at all
> > possible. Right now it can't.
>
> The idea of TraPatch and the idea of a stable kernel are concurrent. So
Exactly. We are talking about them at the same time. ;-)
> you must decide between Trapatch and stability. That's a fact, about
No. As I outlined the TraPatch-like functionality you wouldn't lose
_anything_ from what we have now. You would only gain.
Granted, this isn't how TraPatch itself works, but then that wasn't a
MiNT kernel call.
I have no idea how the proposed version for MiNT looked, but that isn't
what I'm talking about here, anyway.
> application code you never have any control.
Currently we don't have any control over what you call parts of the kernel
(that is, the AUTO-folder stuff that runs before MiNT), which is one of the
things I'd like to do something about. The other is system call efficiency.
--
Chalmers University | Why are these | e-mail: rand@cd.chalmers.se
of Technology | .signatures | johan@rand.thn.htu.se
| so hard to do | WWW/ftp: rand.thn.htu.se
Gothenburg, Sweden | well? | (MGIFv5, QLem, BAD MOOD)