Date: Wed, 31 Aug 2011 13:10:33 -0700 From: Alfred Perlstein <alfred@freebsd.org> To: Victor <vicmrml@gmail.com> Cc: freebsd-arch@freebsd.org Subject: Re: Privileged mode commands in FreeBSD processes Message-ID: <20110831201032.GT19022@elvis.mu.org> In-Reply-To: <4E5E8E69.1040506@gmail.com> References: <4E5E8E69.1040506@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
You can see i386_get_ldt(2) and io(4) manpages. More privileged opcodes can not be used afaik. * Victor <vicmrml@gmail.com> [110831 13:05] wrote: > Is it possible to write and start a program in FreeBSD, which could > execute processor commands of previleged modes (protection rings), > commonly prohibited to a process in the user mode? > > For example we could permit the process direct access to i/o ports (IN > and OUT commands on PC architecture), execution of the software > interrupt command with any operand (INT), access to descriptor tables > registers (GDT, LDT, etc.) with capability of changing content of both > these registers and descriptor tables themselves (situated in the RAM). > We could also allow the process to change flag bits in the registers of > CPU, responsible for processor modes (memory addressing modes, > transition from protected to real mode and vice versa, etc.) In fact, if > this feature exists in FreeBSD, it must switch the processor for the > time of execution this process to the mode with higher privileges (to > the protection ring from 2 to 0, not 3 in x86). I would like to ask the > FreeBSD community, does this possibility exist in FreeBSD? > > I understand the problem can be easily solved by deviding the program > into two parts: the process (COFF or ELF file) and the driver. All the > code, containing privileged commands, could be placed in the driver, as > the rest of the code (its unprivileged part) could be contained in the > process. As far as I understand, the driver code is executed in the 0 > ring mode, so it has no restrictions. On the other hand it would be > interesting to have such an opportunity for common processes in both > educational (e. g. studying assembler privileged mode commands) and > technical purposes. Of course this feature is a great threat for system > safety, and besides programs, using it, can easily completely destroy > the system, however it could be useful for some aims. > > Does anything of such kind exist in FreeBSD? If it does, please give me > a reference in the FreeBSD documentation. > > Victor. > > _______________________________________________ > freebsd-arch@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-arch > To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org" -- - Alfred Perlstein .- VMOA #5191, 03 vmax, 92 gs500, 85 ch250, 07 zx10 .- FreeBSD committer
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110831201032.GT19022>