[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MiNT] Security again



Hello!

> Apparently an experimental implementation was done of TraPatch for the
> MiNT kernel. This was later axed for somewhat unclear reasons.
> One reason given on the thread was that one of the kernel developers
> (no names here ;-) didn't like the possibility that programs hook into
> GEMDOS traps/functions.

That's the main point, it's not a reasonable concept at all. Introducing
this into the kernel break all security concepts. Any application(!)
can override the complete system.

Kern is kern, application is application. An application must be outside
the kernel.

> Now, I agree completely that it's generally a very bad idea to hook into
> OS functions. Unfortunately, the design of our OS makes it necessary to do
> so for many things that people consider useful. It's also a fact that most
> people _have_ quite a few programs in their AUTO-folders that do just that.

No, I disagree. Any program that is executed after MiNT is an application
and have to be run outside the kernel. Programs that are executed before
MiNT are automatically part of the kern.

> So, outlawing TRAP-hooking is not really an option.

It's always an option. Tell me any useful reason to allow an application
to override the system.



Tschuess
   ...Frank

--
ATARI FALCON 040 // MILAN 040
--------------------------------------
Internet: fnaumann@cs.uni-magdeburg.de
Mausnet:  Frank Naumann @ B2