Michael S Hines wrote:
Which brings us to the point of
asking why we must have this run time environment to protect the
computing resources. Why isn't this a function of and included in the
Operating System code?
We need to have these layers (i.e. more than one) because there
Der Mouse is barking up the right rathole.
*** BEGIN SOAPBOX ***
Having cut my security eye-teeth in Multics from 1965 to 1969, I am
continually drawn back into discussions of what Multics did right that
has been systematically (!) ignored by almost all subsequent operating
systems. For the
Der Mouse is barking up the right rathole.
:-) That's a lovely mangled metaphor. And, thanks for the kind words;
I'm glad to see I'm not totally out to lunch. (I haven't been at this
for as long as you have - you write from 1965 to 1969, during which
time I was at most five years old - and
While we're on Multics lessons, let's not forget upward-growing
stacks (which were a natural consequence of the segmented
addressing architecture).
Multics code was not immune to buffer overflows, but in most cases
the effect was blunted because the out-of-range index values could
only affect data beyond the current activation record--in contrast
with most linear addressing systems where an overflow is almost
always able to reach