RE: [MiNT] Security again

["Konrad M. Kokoszkiewicz" <draco@obta.uw.edu.pl>]

> This will render many, many popular TSRs useless. Read-only would be better,
> but still problematic.

Hum, I wonder (just wonder, nothing else) what TSRs are still in use in
MiNT systems, perhaps apart of NVDI, a mouse accelerator and a patch
programs for TOS (like FLOPFIX or something).

> > can we put the Cookie Jar into Readable memory? That
last one > > assumes no
> > clean MiNT program will put entries into the Cookie Jar... risky
> 
> Most users doesn't run "clean MiNT programs", but AES-applications. And as
> long as MagiC does not support Ssystem(), very few will use Ssystem() to
> handle cookies in their applications.

> I agree that the cookie-jar really is a hack, but as long as MiNT supports
> it in the first place it should support it fully. This means full
> read/write-access by everyone :-/

Hum what about this:

- a program can freely read/write the global cookie jar, if it has
  F_OS_SPECIAL bit set
- other programs have own copies of cookie jar, which can be read/written 
  freely, despite the fact that writing of course has no effect
- and the TSR programs are in readable or super mem
- and the global cookie jar is kernel private

This would be the way to fix the security hole we have, but the question
is, what new problems will emerge then :-) In other words, does this
proposal make any sense. 

Gtx,

--
Konrad M.Kokoszkiewicz
|mail: draco@atari.org                  |  Atari Falcon030 user   |
|http://www.obta.uw.edu.pl/~draco/      | Moderator gregis LATINE |
|http://draco.atari.org                 |       (loquentium)      |

** Ea natura multitudinis est,
** aut servit humiliter, aut superbe dominatur (Liv. XXIV,25)
*************************************************************
** U pospolstwa normalne jest, ze albo sluzy ono unizenie,
** albo bezczelnie sie panoszy.