On Sat, 12 Jun 1999, Blaz Antonic wrote:

> > I really don't see where this is a problem. User level processing does not
> > need hardware memory protection; it could be implemented as a strictly
> > software solution. For example, a table defined within the OS giving the
> > user and the level. Then, all memory access could interrogate this table
> > and give pseudo memory level security.
> 
> And how are you going to make sure the program you are about to execute
> isn't going to do anything malicious ?? Rewrite kernel CS, DS, other
> programs' memory space, interrupt table or something else ?? By software
> control ??? How are you going to find out whether the binary you are
> attempting to run uses standard library calls or not (= uses some other
> code that violates system integrity) ?? Such code can be hidden in less
> than 50 bytes of code and covered pretty good. Any user can write
> own program that allows him to rewrite important structures in memory
> (kernel DS) and thereby give him root access or just hang the system.

Aren't there two discussions that could be done?

One for _user_ security,
and one for _user_space_ security.

If you don't trust the user, tough luck. Buy another processor.
If you don't trust the user programs (i.e. aren't sure you have coded
100% bug free code) you could protect yourself (your OS) from that
by any of the protection schemes mentioned by people.

Jakob



