Chris Seberino wrote:
What is wrong with a bunch of chroot jails instead?
Everything. The primary one being that chroot jails can be broken out of.
The only way to have hard security is to run at a better privilege level
than everything else.
Xen is one solution to the problem. It installs a hypervisor at the
highest privilege level.
TUD:OS is another solution. It puts a microkernel at the highest
privilege level and everything talks to that.
See: http://demo.tudos.org/ It even has a demo CD.
In spite of their superficial differences, these two approaches really
are getting close to one another. They have the same goals; they are
doing the same things; they have the same problems.
The big problem for both is still how to securely manage access to
shared resources like video cards and network cards.
-a
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
