Talk:Security

From OSDev Wiki

Ring 1 and 2

The description for ring 1 and 2 is: "They offer more protection, but not as much as ring 3." I feel that this description is inappropriate for an OS dev website where you may find a user that has a purpose to use those ring levels. After a lot of searching I have failed to find any explanation that clearly describes how the CPU handles those two rings (99% of cases it says 'they are rarely used' or 'they offer a little more protection than ring 0' but in exactly what ways?)

Having the description extended to include exact technical details of those ring levels would be highly appreciated. --Messiahandrw 08:16, 19 August 2009 (UTC)

I think the Processor Manuals have a summary of the features available on each privilege level, and if I remember things correctly, some instructions are strictly CPL==0, while others require CPL <= IOPL. Then we have the access checks imposed by the DPL and if the conforming bit is set.

So technically, it should be possible to set IOPL to 1, and have the kernel in PL0 and device drivers (either because you don't fully trust them or by default) in PL1, making it possible to protect the kernel a little more from malicious or buggy device drivers.

Note that running device ISRs at PL1 would require special coding (basically a variation on the callback theme, only that you call PL1 code instead of PL3 code), which causes more clock cycles to be used. I could elaborate on this a little more if asked. --Teodor väänänen 10:20, 19 August 2009 (UTC)
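The checks named above (CPL vs. IOPL for I/O instructions, DPL and the conforming bit for segment loads and control transfers) can be written out as a small model, which makes the "kernel at PL0, drivers at PL1, IOPL = 1" layout concrete. The following C is an added illustration for this discussion, not code from the wiki or from any OS; the rules are the segment-level and I/O protection checks from the Intel SDM Vol. 3, simplified to flat integer ring numbers. It deliberately ignores the TSS I/O permission bitmap, which can grant access to individual ports regardless of IOPL, and the segment-limit and type checks that happen alongside these privilege checks.

```c
/* Model of the x86 protected-mode privilege checks that decide what ring 1
 * code may do.  Added example for the talk-page thread, not OSDev wiki code.
 * Rings are plain unsigned integers 0..3; lower number = more privileged. */
#include <stdbool.h>
#include <stdio.h>

/* I/O-sensitive instructions (IN, OUT, INS, OUTS, CLI, STI) execute only
 * when CPL <= IOPL.  With IOPL = 1 a PL1 driver may touch ports directly
 * while PL3 user code takes #GP.  (The TSS I/O bitmap, not modelled here,
 * can still permit individual ports to a less-privileged ring.) */
bool io_allowed(unsigned cpl, unsigned iopl) {
    return cpl <= iopl;
}

/* Loading a data segment selector into DS/ES/FS/GS succeeds only if
 * max(CPL, RPL) <= DPL of the descriptor.  A PL1 driver can therefore
 * map a DPL=1 segment but not a DPL=0 kernel data segment. */
bool data_segment_allowed(unsigned cpl, unsigned rpl, unsigned dpl) {
    unsigned effective = cpl > rpl ? cpl : rpl;
    return effective <= dpl;
}

/* Direct far CALL/JMP to a code segment (no gate):
 *  - non-conforming: CPL == DPL and RPL <= DPL, i.e. no ring change at all
 *  - conforming:     CPL >= DPL; the caller keeps its own CPL */
bool code_transfer_allowed(unsigned cpl, unsigned rpl, unsigned dpl,
                           bool conforming) {
    if (conforming)
        return cpl >= dpl;
    return cpl == dpl && rpl <= dpl;
}

/* CALL through a call gate to a non-conforming target: the only way to
 * raise privilege, e.g. a PL1 driver entering a PL0 kernel service.
 *  - CPL <= gate DPL and RPL <= gate DPL (who may use the gate)
 *  - target code DPL <= CPL (a gate never lowers privilege) */
bool call_gate_allowed(unsigned cpl, unsigned rpl, unsigned gate_dpl,
                       unsigned target_dpl) {
    return cpl <= gate_dpl && rpl <= gate_dpl && target_dpl <= cpl;
}

/* The layout proposed in the thread: kernel at PL0, drivers at PL1,
 * IOPL = 1, kernel entry through a gate with DPL = 1.  Returns how many of
 * the four expected properties hold (4 means the layout works as described). */
int driver_ring1_layout_properties(void) {
    const unsigned iopl = 1, gate_dpl = 1;
    int ok = 0;
    ok += io_allowed(1, iopl);                          /* driver may do I/O   */
    ok += !io_allowed(3, iopl);                         /* user code may not   */
    ok += !data_segment_allowed(1, 1, 0);               /* driver can't map    */
                                                        /* kernel data (DPL 0) */
    ok += call_gate_allowed(1, 1, gate_dpl, 0);         /* driver enters PL0   */
    return ok;                                          /* only via the gate   */
}

int main(void) {
    printf("PL1 driver I/O allowed:          %d\n", io_allowed(1, 1));
    printf("PL3 user I/O allowed:            %d\n", io_allowed(3, 1));
    printf("PL1 load of DPL0 data segment:   %d\n", data_segment_allowed(1, 1, 0));
    printf("PL1 direct jump into DPL0 code:  %d\n", code_transfer_allowed(1, 1, 0, false));
    printf("PL1 call gate (DPL1) into PL0:   %d\n", call_gate_allowed(1, 1, 1, 0));
    printf("layout properties holding:       %d of 4\n", driver_ring1_layout_properties());
    return 0;
}
```

The point the model makes is that ring 1 is not "a bit less privileged" in some vague sense: the hardware difference is exactly these comparisons. A PL1 driver gets direct port access and its own DPL=1 segments, but it cannot load DPL=0 segments or branch into kernel code except through a gate the kernel published, which is the isolation Teodor describes.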

High level mechanisms

This needs more stuff about high level security, such as managing users and how users own processes and files. Also handling considerations such as "how would 'sudo' or 'su' work?" Will there be sessions or just a simple process list? By what way will users actually login to your system? --Earlz 04:46, 5 June 2009 (UTC)

ASLR

Looks like ASLR can easily be worked around on architectures with a cache. https://arstechnica.com/security/2017/02/new-aslr-busting-javascript-is-about-to-make-drive-by-exploits-much-nastier/ Should the page be edited to show this? --Matt11235 09:35, 15 February 2017 (CST)