
Re: [MiNT] Security again



On Thu, Dec 02, 1999 at 02:09:19PM +0100, Frank Naumann wrote:
> 
> That's just a fake control. If you can override any trap you can override
> the complete system, Ssystem() too.

Well - that's always true, be it a TSR that hooks into a trap or a
well-written device driver. The point is that you have to trust system
extensions - no matter how they are started, so using these extensions
obviously requires the same privilege as Ssystem or Supexec - and it does
not give away any more privileges than these functions do.

> As I said, anything that is started after MiNT is an application for MiNT.

That would also include device drivers.

I have a different view here: an application is a program that interacts
with the user and that can terminate - which TSRs don't.

TSRs are system extensions, and since you can't prevent them, we might
as well make them efficient and at least partially safe.

> The idea of TraPatch and the idea of a stable kernel are concurrent. So
> you must decide between Trapatch and stability. That's a fact, about
> application code you never have any control.

Huh? You never have control over anything outside the kernel, including
device drivers, that is true. However, I cannot see how a system to hook
into a single function code could possibly make the system less stable than
a TSR that hooks into the complete trap (which means that it takes direct
control from the kernel!).

cu
Michael
-- 
Michael Schwingen, Ahornstrasse 36, 52074 Aachen