From: Levente Kurusa <levex@linux.com>
To: Shahbaz Youssefi <shabbyx@gmail.com>
Cc: Matthias Schniedermeyer <ms@citd.de>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: Partially Privileged Applications
Date: Tue, 12 Nov 2013 12:56:38 +0100
Message-ID: <52821776.2000300@linux.com>
In-Reply-To: <20131111184447.GA24530@citd.de>
On 2013-11-11 19:44, Matthias Schniedermeyer wrote:
> On 11.11.2013 14:05, Shahbaz Youssefi wrote:
>> On Sun, Nov 10, 2013 at 8:06 PM, Matthias Schniedermeyer <ms@citd.de> wrote:
>>> I don't see a way around "borders" (Papers please), otherwise you can't
>>> reject things you don't want, you have to check if that something that
>>> is to be done is allowed. For e.g. you would get around every
>>> permission-check, because the code you called is allowed to do
>>> everything.
>>
>> You're right actually. Proper linking solves the issue for "good people",
>> but I can't think of a not-dirty way for preventing bad calls from
>> "bad people". I may get back here if I do find a solution.
Hi,

What you describe in your blog post already exists. It is called real mode.

Imagine yourself as a userspace developer. You make an application and want
it to run as fast as possible, and therefore you eliminate the mode switches, which
do cost a lot of time. Your only way to stop them is by leaving out the .text section
and only having the .privileged section.

Also, think about the malicious software we had back in the DOS times. You caught one,
and your computer, or at least your hard drive, died.

Another problem is the bad developer: they want to test out their application, but they
accidentally left out something. Just thinking about myself, I made lots of stupid mistakes
when I began development; if the CPU worked per your description, I would have bricked a bunch of
computers. The whole point of separating kernelspace from userspace is not only the abstraction
of hardware, but the security as well. We want to protect the user from having the fear of bricking
his or her computer.

By this, I don't mean to say that your idea is bad, but right now we can't just trust userspace
with 'God' powers.
--
Regards,
Levente Kurusa