Date:      Fri, 21 Mar 1997 18:14:29 -0600 (CST)
From:      Tony Kimball <Anthony.Kimball@East.Sun.COM>
To:        hasty@rah.star-gate.com
Cc:        smp@csn.net, multimedia@freebsd.org
Subject:   Re: Continquous Memory vs Virtual Memory 
Message-ID:  <199703220014.SAA28132@compound.east.sun.com>
References:  <199703212304.RAA27833@compound.east.sun.com> <199703220004.QAA03210@rah.star-gate.com>

Quoth Amancio Hasty on Fri, 21 March:
: From The Desk Of Tony Kimball :
: > Quoth Steve Passe on Fri, 21 March:
: > : [kernel memory protection violation of RISC engine programs 
: > :  implies need for kernel-level compiler]
: > 
: > Are there any applications which care?  If there are none, your
: > concerns are excessively zealous.  
: > 
: > 
: Hi Tony, 
: 
: The answer is yes. We have applications which can load up into the
: driver any old memory address which they want. For instance, 
: dtv passes to the driver the physical address of the frame buffer.
: Programs like dtv do PCI to PCI data transfer or in a case of 
: a hacker exploit it can do PCI to kernel address space.
: 

When I say "applications" I mean applications in the sense of "problem
solutions" or "operational installations".  Yes, there are
applications in the sense of executable programs which operate upon
the device, but that is not really germane to the issue, I think: If
there were *no* such executable programs, they would simply be
written.

To clarify: My question is whether there are any installations of the
device (physical machines in which the kernel device is compiled) in
which it is necessary to protect kernel memory from executable
programs which may be run by malicious parties using mechanisms in
excess of ordinary file system permissions.  If you agree with me, you
will admit that if there are no such installations, a kernel compiler
with safety checking is wasted effort.  If there are such
installations, it may hypothetically be the case that there are other
applications for which the resulting soft architecture is
unacceptable.  This would tend to result in two divergent drivers.
That might be okay too.

I am a long-time lurker on multimedia@, and I apologize for a lengthy
post of a non-strictly-contributory nature.  But developmental
politics is a fascination of mine.




