On Wed, 2002-11-06 at 02:36, John Summerfield wrote:
> BTW IA32 has four protection levels enforced in hardware. I believe the
> problem is that Linux doesn't use them all.

x86 has 2 or 4 depending on where you look. Some of the levels really exist as back compatibility segmentation stuff only. Most other Linux platforms have only supervisor/user.

> You _can_ secure your webserver now to ensure Apache components can't corrupt
> static data such as executable scripts, html etc.

You only make it harder. I merely start to do evil stuff like call with the direction flag backwards, or passing bogus parameters. If you then also validate the parameters it's probably as cheap to have two processes.

> > b) Same scenario as above, but word-substitute apache->kernel and
> > mod_trojan->device driver. If the linux kernel ran in 'space 2',
> > but device drivers ran in 'space 3', then nasties can't hurt
> > the kernel, while still enjoying read-write access to the
> > bus and other hardware that a legit device driver needs access
> > to.
>
> Could be done now in IA32. As I recall, OS/2 does just that.

Value zero. I ask the hardware to overwrite the kernel. Plus it costs me a -lot- of performance.
