Followup to: <38E82F8C.9AEE58B1@pobox.com>
By author: "Michael T. Babcock" <mikebabcock@pobox.com>
In newsgroup: linux.dev.kernel
>
> My boss and I were having a discussion on OS security for servers the
> other day and the issue of ring levels came up. We were discussing how
> NT handles ring levels on x86 machines and were wondering if Linux makes
> use of them at all to make process security (memory writing, etc.) more
> secure or if this functionality in the chip is ignored. If the latter,
> what are the reasons for not using it? If the former, how much security
> is being gained?
>
Linux uses ring 0 for the kernel and ring 3 for user space. That much
is necessary to create process security. Ring 1 and 2 aren't used,
because any use of those rings that would actually buy you anything
would cause a major portability pain -- most CPUs only have two
"rings": system and user, and that is really all you need anyway. In
fact, since the i386 doesn't have proper ring brackets in the page
tables, using rings 1 and 2 is mostly useless.
-hpa
-- <hpa@transmeta.com> at work, <hpa@zytor.com> in private!
"Unix gives you enough rope to shoot yourself in the foot."
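
The point about page tables lacking ring brackets, as an added example that is not part of the original post: a simplified model of the i386 page-level check, in which a page-table entry carries only one user/supervisor bit, so rings 0, 1 and 2 are indistinguishable to paging. The function names are hypothetical, the sample entry is constructed, and segmentation is not modeled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural i386 page-table entry flag bits. */
#define PTE_PRESENT 0x1u  /* P   */
#define PTE_WRITE   0x2u  /* R/W */
#define PTE_USER    0x4u  /* U/S */

/*
 * Simplified model of the i386 page-level check (no CR0.WP, which arrived
 * with the i486). Paging sees only two classes: CPL 3 is "user",
 * CPL 0, 1 and 2 are all "supervisor".
 */
static bool page_access_ok(unsigned cpl, uint32_t pte, bool is_write)
{
    if (!(pte & PTE_PRESENT))
        return false;              /* not present: page fault for everyone */
    if (cpl < 3)
        return true;               /* supervisor: U/S and R/W not enforced */
    if (!(pte & PTE_USER))
        return false;              /* user code touching a supervisor page */
    return !is_write || (pte & PTE_WRITE);
}

/* True when rings a and b get the same answer for every flag/access combination. */
static bool rings_equivalent(unsigned a, unsigned b)
{
    for (uint32_t pte = 0; pte < 8; pte++)
        for (int w = 0; w < 2; w++)
            if (page_access_ok(a, pte, w) != page_access_ok(b, pte, w))
                return false;
    return true;
}

int main(void)
{
    uint32_t kernel_page = PTE_PRESENT | PTE_WRITE; /* constructed sample PTE */
    for (unsigned cpl = 0; cpl <= 3; cpl++)
        printf("CPL %u write to supervisor page: %s\n", cpl,
               page_access_ok(cpl, kernel_page, true) ? "allowed" : "fault");
    printf("ring 1 same as ring 0 for paging: %d\n", rings_equivalent(1, 0));
    return 0;
}
```

Code placed in ring 1 or 2 would therefore have the same page-level access to kernel memory as ring 0 itself; only the ring 3 boundary is enforced by the page tables.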
This archive was generated by hypermail 2b29 : Fri Apr 07 2000 - 21:00:09 EST