On Fri, 12 Jul 96 23:55:24 EST, tornaria@cmat.edu.uy (Gonzalo
Tornaria) said:
> Would it be too bad tu run some parts of the kernel (at least
> modules, perhaps compiled in drivers too) in protection ring 1? Then
> you leave ring 0 for secure compiled-in parts of the kernel. You
> can't modify page tables from ring 1, can you? You put securelevel
> (and perhaps some other things) in a read-only page, and as modules
> are running in ring 1, they can't write to it.
Not all architectures implement such multiple security levels in
hardware. You can't rely on it being available.
Cheers,
Stephen.
-- Stephen Tweedie <sct@dcs.ed.ac.uk> Department of Computer Science, Edinburgh University, Scotland.