From owner-freebsd-security Mon Nov 12 11:52:37 2001
Delivered-To: freebsd-security@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2]) by hub.freebsd.org (Postfix) with ESMTP id DC3C337B417 for ; Mon, 12 Nov 2001 11:52:33 -0800 (PST)
Received: (from dillon@localhost) by apollo.backplane.com (8.11.6/8.9.1) id fACJqLZ06073; Mon, 12 Nov 2001 11:52:21 -0800 (PST) (envelope-from dillon)
Date: Mon, 12 Nov 2001 11:52:21 -0800 (PST)
From: Matthew Dillon
Message-Id: <200111121952.fACJqLZ06073@apollo.backplane.com>
To: "Anthony Atkielski"
Cc:
Subject: Re: FreeBSD and i386 VM hardware
References: <01b301c16918$be1763a0$0a00000a@atkielski.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

:To what extent does FreeBSD actually use all the fancy virtual-memory features
:of latter-day i386 processors? As I recall (it has been several years since I
:looked into it), the Intel microprocessors provide some very elaborate features
:for management of virtual memory, I/O operations, and security, allowing total
:hardware isolation of untrusted processes. How much of this is used by FreeBSD?
:I know that UNIX is supposed to isolate users from each other, but how much of
:this is done in hardware, and how much of it is simulated in software? Very
:tight security usually requires a lot of interdependency between the hardware
:and the OS, and since UNIX is supposed to be a multiplatform OS, I'm wondering
:how much hardware support for security is actually used by the system.

Well, all UNIX OSes running on Intel hardware, including FreeBSD, use most of the major MMU/VM features of the processor. Not all of them, because some just don't work properly, but certainly most of them.
For example, FreeBSD uses ring 0 and ring 3, but ring 1 and ring 2 are completely useless to us due to the way interrupt stacks are designed in the Intel architecture. We use 4K MMU pages predominantly but only use 4M MMU pages in certain (kernel-related) situations. At least for the moment. We use interrupt and trap gates but do not use the call-argument-crossing-ring-boundary or hardware tasking crap.

This is really true of all UNIXes... it is the UNIX model, after all!

While it is possible for root processes to access portions of the hardware directly, the number that do can be counted on one hand, must ask for it explicitly, and the feature can be disabled through the securelevel sysctl.

-Matt
Matthew Dillon