[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MiNT security problem?

To: Mario Becroft <mb@tos.pl.net>
Subject: Re: MiNT security problem?
From: chu@platinum.com (Howard Chu)
Date: Tue, 18 Nov 97 15:07:23 -0800
Cc: MiNT Mailing List <mint@atari.archive.umich.edu>
In-reply-to: (Your message of Tue, 18 Nov 97 19:53:54 GMT.) <Pine.MNT.3.96-MiNT.971118194750.88A-100000@tos>

  Hello,

  I just realised that there must be the following secutiry problem under
  MiNT:

  At present anyone can freeze the system for as long as they wish by simply
  entering supervisor mode. If they want to unfreeze it again they can do
  that too, and while it is frozen they can still use the machine (in a
  limited way).

  How can this problem be avoided? It wouldn't be possible to simply disable
  supervisor mode for user programs since much software needs to be able to
  access system variables etc that are not accessible in user mode.

  All I can think of is to impose some kind of limit on the length of time
  spent in supervisor mode, but this seems like a kludge which would be
  problematic in many cases.

  Or am I missing something and this is in fact not a problem at all?

Yes, it's a legitimate problem. What to do about it is a more difficult
question...

Life would have been so much simpler if system variables could be *read*
in user mode...

References:
- MiNT security problem?
  - From: Mario Becroft <mb@tos.pl.net>

Prev by Date: Re: Any more XaAES or OaSiS Dev.?
Next by Date: MacMiNT (was Re: Any more XaAES or OaSiS Dev.?)
Previous by thread: Re: MiNT security problem?
Next by thread: Re: MacMiNT (was Re: Any more XaAES or OaSiS Dev.?)
Index(es):
- Date
- Thread