"It will have full access to all kernel objects in the system including all user pages, CNodes, and endpoints (it won't actually map user pages except if a process opens the associated file for read/write I/O as opposed to mapping the file), and it will control access to all user-visible resources in the system by managing process file permission lists."
Ok, I still don't have the required skills (know-how of the seL4 internals) to say if this is the right/secure way to do this job, but just in case it is (others should shed some light on this), as an attacker I would put all my effort into finding vulnerabilities in this piece of code, as per your description it looks to me like a "sexy" entry point to the system.

On Sat, Jul 31, 2021 at 12:54, Andrew Warkentin <andreww...@gmail.com> wrote:

> On 7/31/21, Hugo V.C. <skydive...@gmail.com> wrote:
> > "Therefore the process server will be almost as important as the kernel
> > when it comes to security"
> >
> > I'm not a developer, so please excuse my ignorance in some topics (like OS
> > dev), but I've experience in exploiting OS stuff and I always prefer a
> > ring 0 vuln to a ring 3 vuln... If the process server is implemented in
> > user space (ring 3) then I don't get how we can compare security in such
> > different CPU execution modes. Am I missing something?
> >
>
> (sorry, mistakenly sent this privately instead of to the list before)
>
> Even though the process server will run in user mode as far as the
> hardware and microkernel are concerned, functionally it will be akin
> to something above user processes but below the kernel. It will have
> full access to all kernel objects in the system including all user
> pages, CNodes, and endpoints (it won't actually map user pages except
> if a process opens the associated file for read/write I/O as opposed
> to mapping the file), and it will control access to all user-visible
> resources in the system by managing process file permission lists.
> This is very similar in scope to QNX's process server except that it
> won't be colocated in the kernel.
>
> Therefore, vulnerabilities in the process server will be almost
> equivalent to kernel vulnerabilities, so it will be written in Rust
> for better memory safety and will be kept as minimal as is reasonably
> possible.
> _______________________________________________
> Devel mailing list -- devel@sel4.systems
> To unsubscribe send an email to devel-leave@sel4.systems