On Wed, Aug 20, 2003 at 10:11:17AM +0200, Farid Hajji wrote:
> The Hurd provides the same security protection that other POSIX systems,
> including Linux, BSD, etc... If AROS runs as a user-level application
> in the Hurd, it will be as secure as other user-level applications.
> If it runs as a task (or set of tasks) directly on top of the microkernel
> (Mach, L4, ...), it will be even more isolated from other tasks, including
> Hurd tasks.

There are a couple of issues though you have to be aware of if you want to do that. First of all, Mach is open to all sorts of DoS attacks. L4 isn't, because all "global" effects are wrapped in system calls which require privileges (i.e., only the root task can call them). So the root task becomes the arbiter on such privileged operations. Of course we will have a generic rootserver that allows you to do that.

The only other thing that you then must be aware of is the DoS attack of bombarding other (server) threads with messages (which they will reject of course). There is a feature in L4 (redirector) that can be used to prevent that, but it causes an overhead on every IPC from that thread you use it for. Still you might have to use a global redirector task in the system that controls which task is allowed to send messages to which other tasks (or subsystem, if that's a feature you want to have), for ultimate security.

This thread is not off-topic, but on the wrong list :)

Thanks,
Marcus

--
`Rhubarb is no Egyptian god.' GNU http://www.gnu.org [EMAIL PROTECTED]
Marcus Brinkmann The Hurd http://www.gnu.org/software/hurd/ [EMAIL PROTECTED]
http://www.marcus-brinkmann.de/

