
Re: Security stuff



Hartmut Keller <keller@goethe.informatik.uni-stuttgart.de> writes:

|> Ok, here are my thoughts on these points:

|> 1. A GEM, VDI or AES call is in fact a trap exception. This means that
|> execution *is* changed to supervisor mode and GEM *is* running in SV
|> mode. But who cares? Every function returns safely back to the caller
|> in user mode. It is only a problem if there is a way to register a
|> callback function in GEM which is called in SV mode. Then this
|> is an indirect way of gaining access to SV mode: register function,
|> trigger callback, there you are. Does GEM offer such a feature? Then
|> these register functions should be restricted.

GEM writes to memory on request from the caller (intout, ptsout, addrout).
The address of this memory is user defined, and GEM does not check it in
any way.  Thus you can use GEM to write to arbitrary memory regions.  The
only way to make this safe is to disallow GEM altogether.

-- 
Andreas Schwab                                      "And now for something
schwab@issan.informatik.uni-dortmund.de              completely different"
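The unchecked output-pointer problem Andreas describes, as an added C model that is not code from the thread or from GEM itself: a simulated supervisor-mode service writes results through a caller-supplied `ptsout` pointer. The unchecked version writes wherever it is pointed; the hardened version refuses any buffer that does not lie entirely inside the caller's own memory. `user_region`, `sv_region`, `user_ptr_ok` and the region bounds are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed model of a GEM-style service: the caller passes an output
 * array (a VDI-like ptsout) and the service, running in supervisor mode,
 * writes results through it. */

#define PTS_WORDS 4

/* Simulated user-mode process memory: the only memory the caller owns. */
static int16_t user_region[64];

/* Simulated supervisor-only memory the caller must never be able to write. */
static int16_t sv_region[8];

typedef struct { const void *base; size_t len; } region_t;
static const region_t caller_region = { user_region, sizeof user_region };

/* Vulnerable pattern from the thread: write wherever the caller points,
 * with no check at all on the address. */
void vdi_unchecked(int16_t *ptsout) {
    for (int i = 0; i < PTS_WORDS; i++) ptsout[i] = (int16_t)(100 + i);
}

/* Does [p, p+len) lie fully inside region r?  The len check first avoids
 * wrapping the address arithmetic on a huge len. */
int user_ptr_ok(const void *p, size_t len, const region_t *r) {
    uintptr_t lo = (uintptr_t)r->base, hi = lo + r->len;
    uintptr_t a = (uintptr_t)p;
    if (len > r->len) return 0;
    return a >= lo && a <= hi - len;
}

/* Hardened form: validate the output buffer against the caller's region
 * before touching it; return -1 and write nothing on failure. */
int vdi_checked(int16_t *ptsout) {
    if (!user_ptr_ok(ptsout, PTS_WORDS * sizeof *ptsout, &caller_region))
        return -1;
    for (int i = 0; i < PTS_WORDS; i++) ptsout[i] = (int16_t)(100 + i);
    return 0;
}
```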