Ring 1 and 2
The description for ring 1 and 2 is: "They offer more protection, but not as much as ring 3." I feel that this is description is inappropriate for an OS dev website where you may find a user that has a purpose to use those ring levels. After a lot of searching I have failed to find any explination that clearly describes how the CPU handles those two rings (99% of cases it says 'they are rarely used' or 'they offer a little more protection than ring 0' but in exactly what ways?)
Having the description extended to include exact technical details of those ring levels would be highly appreciated. --Messiahandrw 08:16, 19 August 2009 (UTC)
I think the Processor Manuals have a summary of the features available on each privilege level, and if I remember things correctly, some instruction are strictly CPL==0, while others require CPL <= IOPL. Then we have the access checks imposed by the DPL and if the conforming bit is set.
So technically, it should be possible to set IOPL to 1, and have the kernel in PL0 and device drivers (either because you don't fully trust them or by default) in PL1, making it possible to protect the kernel a little more from malicious or buggy device drivers.
Note that running device ISR's at PL1 would require special coding (basically a variation on the callback theme, only that you call PL1 code instead of PL3 code), which causes more clock cycles to be used. I could elaborate on this a little more if asked. --Teodor väänänen 10:20, 19 August 2009 (UTC)
High level mechanisms
This needs more stuff about high level security, such as managing users and how users own processes and files. Also handling considerations such as "how would 'sudo' or 'su' work?" will there be sessions or just a simple process list? By what way will users actually login to your system? --Earlz 04:46, 5 June 2009 (UTC)