Re: [SC-L] Segments, eh Smithers?

2006-04-04 Thread ljknews
At 9:02 AM -0700 4/3/06, Crispin Cowan wrote: That second question is actually pretty technically deep. What is so different about paged memory systems that makes them harder to secure than segmented memory systems? My conjecture: it is the granularity of the memory blobs. Consider: *

RE: [SC-L] Segments, eh Smithers?

2006-04-04 Thread Michael S Hines
Or consider the IBM Mainframe and z/OS Operating Systems - protected memory and paging together - also privileged programs vs. application programs, also prefetched programs vs loaded on demand programs. Mike Hines Mainframe Systems Programmer --- Michael S

Re: [SC-L] Segments, eh Smithers?

2006-04-04 Thread der Mouse
So, if we hope to have a truly high security operating system in our lifetimes, then one of several things will have to happen: * [...] * [...] * Someone develops a security kernel that effectively fakes segmentation in software using conventional pages, *and* they

Re: [SC-L] Segments, eh Smithers?

2006-04-04 Thread karger
My comments are interleaved below: Crispin Cowan writes: PGN cites many of the things that Multics did right and history did not follow. Most of these issues are sufficiently entrenched in legacy hardware and software that there is little chance to change them any time soon. Of particular

Re: [SC-L] Segments, eh Smithers?

2006-04-04 Thread Blue Boar
Crispin Cowan wrote: Of particular and critical interest at this juncture is segmented memory. Graybeards love segmented memory, and modern Linux kidz hate segmented memory. A close friend has observed to me that 100% of A1 evaluated operating systems (both of them :) used segmented memory. In

Re: [SC-L] Segments, eh Smithers?

2006-04-04 Thread Steven M. Bellovin
On Mon, 03 Apr 2006 09:02:27 -0700, Crispin Cowan [EMAIL PROTECTED] wrote: Of particular and critical interest at this juncture is segmented memory. Graybeards love segmented memory, and modern Linux kidz hate segmented memory. A close friend has observed to me that 100% of A1 evaluated

RE: [SC-L] Segments, eh Smithers?

2006-04-04 Thread Aleksander P. Czarnowski
Some quick thoughts on this subject regarding x86 architecture: - I think we need to define better the term segment, because you also have selectors in case of flat mode - secondly you can provide some protection mechanism using not only rings but also memory pages and descriptor check, page