
Re: [MiNT] Security again



> > And in what way do you decide if such a program has the right permissions?
> 
> Have a special flag, like the ones for memory mentioned, only allow it
> for programs run as 'root' (well, IIRC that doesn't help much if you use an
> AES, but...), or only allow it for 'AUTO-folder' programs.
> Or any combination thereof.

Everybody can then set his own flags.

> > And it doesn't solve the problem itself. It only works around some
> > side effects.
> 
> I don't think I follow you there.

Such a program can override every system function. You lose any security
and system control.

How do you know what the program does?

> My point was that you can't prevent current applications from using their
> own vectors (or they will stop working), so the applications can get into
> supervisor mode. End of story.

This is in general a problem that every application can get Super(). Bad
concept.

> I don't see how you can defend the current mechanism with absolutely _no_
> control. Nothing can possibly be a more severe threat to stability than
> completely unchecked vector bending, which is going on now.

You only see it from the point that you will control TRAP chaining. But
there are also a lot of other aspects and points of view.

With control I don't mean the TRAP chaining control. I mean control over
the system and the system calls.

> If you could only name one thing that you would lose, it would be easier
> to understand your reasoning.

system control, stability, system call control and so on.

 
> > You can look for the rejected trapatch version in the rejected folder.
> 
> That isn't relevant, since I'm not talking about that implementation.

Just for information.

> Perhaps you haven't read what I've written here?

Do you think so?

> TraPatch wasn't that, it was a TSR that implemented some functionality by
> itself. It certainly had nothing to do with MiNT (although I guess it could be
> used together with it).

That's why I said you can look into the Trapatch src module that was
integrated in MiNT in one beta version (1.15.3).

> Since MiNT isn't running when those programs are started, it doesn't have
> any kind of control over what they do.

Yes, you don't need this control. Such control improves nothing.

> > Your idea is to (explicitly) give up that control.
> 
> I'm not giving up _any_ control.

Sorry, you explicitly give up any system control if applications can
override system calls.


Tschuess
   ...Frank

--
ATARI FALCON 040 // MILAN 040
--------------------------------------
Internet: fnaumann@cs.uni-magdeburg.de
Mausnet:  Frank Naumann @ B2