hi,

> I have another question, a bit off to the side: how does one detect (or is
> it known in advance for each cpu type) how many rings of privileges for code
> execution the cpu has, and how does the Linux kernel direct the cpu to execute
> (fetch from memory and execute with certain privileges) code on one ring or
> another. (Where can this be seen in the kernel source? Obviously it will be
> somewhere in the asm's, but whenever I have tried to understand it I seem to
> miss it ;-). I have heard that x86 cpu's usually have 4 rings, of which the
> kernel uses 2, e.g. 0 - kernel code and 3 - user code? Solaris and OS/2, I
> think, use all 4 rings of code execution privileges on x86, or is that not
> always the case?
as far as I know these rings are called 'privilege/protection levels', and on x86-alike cpus there really are 4. according to intel's definitions, level 0 is used by the os kernel, 1 and 2 are for device drivers/modules, and 3 is for userland apps.

another thing - not all os's use them - for example win 9x and dos are considered real mode os's and use them only partially, while unix/linux work in protected mode by design. on solaris x86 the privilege rings are used again; for sparc/usparc I'm not very clear, but it is very likely that a similar tech is used.

on linux, userland apps cannot directly access memory through the cpu, but get or don't get privileges through kernel capabilities. this is an utterly useful faq ;)

http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/capfaq-0.2.txt

+arch/i386/kernel/setup.c
+arch/i386/kernel/ioport.c

/s

A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
