Matthew Wilcox <[EMAIL PROTECTED]> writes:
>
> > Furthermore, it avoids a security flaw. The current implementation does not
> > allow to grant interrupts secure to other threads. Since you first have to
> > detach an IRQ and after that the IRQ can be re-attached, a "denial-of-service
> > attack" thread could always try to get the interrupt.
>
> The Clan structure can be used to avoid this. Simply have the Chief deny
> access to interrupts to any subtask that is not `authorised' (by whatever
> means necessary)
>
The current implementations of L4 (at least the Intel and Alpha
version) treat interrupts messages like messages from a member of the
Clan they are sent to. Therefore interrupt messages never cross Clan
borders and are never redirected to a Chief.
And attaching to an interrupt doesn't result in sending/receiving a
message, therefore Chief's aren't involved in the process of attaching
to an interrupt.
Jean
--
Dipl.-Inform. Jean Wolter University of Technology, Dresden
Dept. of Computer Science Operating Systems Research Group
Phone: (+49 351) 463 8321 Fax: (+49 351) 463 8284
