On 7/31/21, Hugo V.C. <skydive...@gmail.com> wrote:
> "Therefore the process server will be almost as important as the kernel
> when it comes to security"
>
> I'm not a developer, so please excuse my ignorance in some topics (like OS
> dev), but, I've experience in exploiting OS stuff and I always prefer a
> ring 0 vuln than a ring 3 vuln... If the process server is implemented at
> user space (ring 3) then I don't get how we can compare security in so
> different cpu execution modes. Am I missing something?
>

(sorry, mistakenly sent this privately instead of to the list before)

Even though the process server will run in user mode as far as the
hardware and microkernel are concerned, functionally it will be akin
to something above user processes but below the kernel. It will have
full access to all kernel objects in the system including all user
pages, CNodes, and endpoints (it won't actually map user pages except
if a process opens the associated file for read/write I/O as opposed
to mapping the file), and it will control access to all user-visible
resources in the system by managing process file permission lists.
This is very similar in scope to QNX's process server except that it
won't be colocated in the kernel.

Therefore, vulnerabilities in the process server will be almost
equivalent to kernel vulnerabilities, so it will be written in Rust
for better memory safety and will be kept as minimal as is reasonably
possible.
_______________________________________________
Devel mailing list -- devel@sel4.systems