Re: Partially Privileged Applications

From: Shahbaz Youssefi
Date: Mon Nov 11 2013 - 08:06:04 EST


On Sun, Nov 10, 2013 at 8:06 PM, Matthias Schniedermeyer <ms@xxxxxxx> wrote:
> I don't see a way around "borders" (Papers please), otherwise you can't
> reject things you don't want, you have to check if that something that
> is to be done is allowed. E.g., you would get around every
> permission-check, because the code you called is allowed to do
> everything.

You're right, actually. Proper linking solves the issue for "good people",
but I can't think of a not-dirty way of preventing bad calls from
"bad people". I may get back here if I do find a solution.

> And your driver model sounds more like a micro-kernel
> http://en.wikipedia.org/wiki/Microkernel
> In the sense that a driver is more like a privileged process.

That is true. I understood that, but I thought it better not to mention
microkernels, just to avoid any reaction given "the history"!
I guess I would have appreciated it if Linux were a microkernel
or a hybrid, given how f*ing hard it is to find a bug in someone else's
kernel module that just hangs the kernel.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
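The "border" Matthias describes, as an added example that is not part of the thread or of any kernel code: a toy privileged "driver" whose operations are only reachable through one checked entry point, dev_gate(), which verifies that the operation is known, that the caller holds a capability for it, and that the arguments are sane before any privileged code runs. The capability bits, struct names and the device model are all hypothetical and constructed for this illustration; the structure is the same one a microkernel driver server applies to each incoming IPC message.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: hypothetical capability bits a caller may hold. */
enum { CAP_DEV_READ = 1u << 0, CAP_DEV_WRITE = 1u << 1, CAP_DEV_RESET = 1u << 2 };

/* What the border knows about whoever is calling in. */
struct caller { const char *name; uint32_t caps; };

/* Toy device state: a small register file plus a reset counter. */
#define DEV_NREGS 16
struct dev { uint8_t regs[DEV_NREGS]; int resets; };

enum op { OP_READ, OP_WRITE, OP_RESET };

/* A request crossing the border from the less privileged side. */
struct request { enum op op; unsigned reg; uint8_t val; };

/*
 * Privileged operations. They are static, so nothing outside this unit can
 * link against them: the only way in is dev_gate(), which has already
 * checked the caller and the arguments. That is what lets them stay simple.
 */
static void dev_read(const struct dev *d, unsigned reg, uint8_t *out) { *out = d->regs[reg]; }
static void dev_write(struct dev *d, unsigned reg, uint8_t val) { d->regs[reg] = val; }
static void dev_reset(struct dev *d) { memset(d->regs, 0, sizeof d->regs); d->resets++; }

/* Capability each operation requires; 0 marks an unknown operation. */
static uint32_t required_cap(enum op op)
{
    switch (op) {
    case OP_READ:  return CAP_DEV_READ;
    case OP_WRITE: return CAP_DEV_WRITE;
    case OP_RESET: return CAP_DEV_RESET;
    default:       return 0;
    }
}

/*
 * The border. Every request is checked for (1) a known operation,
 * (2) the caller holding the capability for it, and (3) sane arguments,
 * before any privileged code runs. Returns 0 or a negative errno.
 */
int dev_gate(struct dev *d, const struct caller *c, const struct request *r, uint8_t *out)
{
    uint32_t need = required_cap(r->op);

    if (need == 0)
        return -EINVAL;              /* unknown op: reject before dispatch */
    if ((c->caps & need) != need)
        return -EPERM;               /* "papers please": caller lacks the capability */

    switch (r->op) {
    case OP_READ:
        if (r->reg >= DEV_NREGS || out == NULL)
            return -EINVAL;          /* argument check lives here, not in dev_read() */
        dev_read(d, r->reg, out);
        return 0;
    case OP_WRITE:
        if (r->reg >= DEV_NREGS)
            return -EINVAL;
        dev_write(d, r->reg, r->val);
        return 0;
    case OP_RESET:
        dev_reset(d);
        return 0;
    default:
        return -EINVAL;
    }
}

/* Run a short constructed scenario; returns how many checks misbehaved (0 = all as expected). */
int gate_scenario(void)
{
    struct dev d;
    struct caller reader = { "reader", CAP_DEV_READ };
    struct caller admin  = { "admin", CAP_DEV_READ | CAP_DEV_WRITE | CAP_DEV_RESET };
    struct request wr    = { OP_WRITE, 3, 0xAB };
    struct request rd    = { OP_READ, 3, 0 };
    struct request oob   = { OP_READ, 99, 0 };
    struct request rs    = { OP_RESET, 0, 0 };
    uint8_t v = 0;
    int bad = 0;

    memset(&d, 0, sizeof d);
    bad += dev_gate(&d, &reader, &wr, NULL) != -EPERM;           /* reader may not write */
    bad += dev_gate(&d, &admin, &wr, NULL) != 0;                 /* admin may */
    bad += dev_gate(&d, &reader, &rd, &v) != 0 || v != 0xAB;     /* reader sees the write */
    bad += dev_gate(&d, &reader, &oob, &v) != -EINVAL;           /* bad register never reaches the driver */
    bad += dev_gate(&d, &reader, &rs, NULL) != -EPERM;           /* reset needs its own capability */
    bad += dev_gate(&d, &admin, &rs, NULL) != 0 || d.regs[3] != 0 || d.resets != 1;
    return bad;
}

int main(void)
{
    printf("unexpected results: %d\n", gate_scenario());
    return 0;
}
```

The point the example makes is the one in the quoted reply: because the privileged functions trust their arguments, the check cannot be skipped by "proper linking" alone; a caller that could reach dev_write() directly would bypass every permission check, so the border has to be the only reachable entry point.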