On Mon, 2002-09-09 at 17:31, Alan Cox wrote:
>
> The mainframe gets a big chunk of this one right - you can run your web
> server and finance database very separated because of the way VM
> virtualization works.

S/390 has lots of facilities that have been layered on over time to isolate programs. There's the original storage protection keys, fetch protection, PSA protection, multiple address spaces, subspace groups, Program Call/Transfer and other stuff that escapes me for the nonce. How many of these does the Linux implementation use? Certainly address spaces, but I'm (ignorantly) guessing that only token use is made of protect keys, there's no fetch protection, no subspaces, no PC/PT... right? There's lots of room for exploitation, depending on your toleration for port-specific minutiae.

--
David Andrews
A. Duda and Sons, Inc.
[EMAIL PROTECTED]
