On Sun, 23 Jul 2000, Horst von Brand wrote:
> James Sutherland <jas88@cam.ac.uk> said:
>
> [....]
>
> > It shouldn't allow these blocks of unvalidated data through at all, then -
> > that's too dangerous. If the kernel doesn't know what's going on, HTF is
> > it supposed to enforce any kind of security or other system policy??
>
> Yep. It should also carefully check that those damn ELF thingies being
> thrown at the CPU better contain valid code!
It does. How do you think the kernel works around CPU bugs - replicate
nanites to rewire the CPU?
> > It's not filtering; IDE commands shouldn't originate in userland to begin
> > with. Userland apps should make a request to the kernel for a specific
> > kernel facility; the kernel then implements this by sending IDE commands
> > as needed.
>
> Great. "sys_issue_firmware_update_for_WD_disks_made_between_1995_and_1997"
> et al. Sure, could be done. But why? One, or perhaps two of these couple
> dozen functions will be called a handfull of times over the entire life of
> the machine.
The proper interface will allow the very small handful of utilities which
need to bypass these checks (to update firmware or whatever) to do so,
while preventing other access.
James.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Jul 31 2000 - 21:00:18 EST