
Re: [MiNT] kernel 1.15.10b fragmentation



> > However, IMHO, the more proper solution would be to develop an AES which
> > works completely in user context. This would allow (in some future) to
> > remove the F_OS_SPECIAL flag, which is simply a dangerous idiotism, and
> > creates a security hole big like the Baltic Sea.
> 
> The AES would become unbearably slow if it cannot access the parameter areas
> directly. The AES is an important part of the operating environment and should
> be granted a certain level of trust.

You do not understand. Running in user context means that there is no such
process as "AES" anymore, and structures obviously can be accessed
directly, because all this is done in the context of the calling
applications. In this case neither F_OS_SPECIAL nor any other "more
elaborate authentication procedures" would be necessary.

AES is perhaps an important part of the operating environment, but the
system should not be brought down, when the AES fails. If you think you
are able to develop an AES which is perfectly bug free and can behave
rationally in any setup and situation, I wish you good luck.

Regardless of that, the F_OS_SPECIAL facility should be taken away off the
kernel, if not because of the stability problems it causes, then because
of the security risk it introduces.

> It would be a good idea however to replace the simple F_OS_SPECIAL
> flag setting by a more elaborate authentication procedure.

For example?

--
Konrad M.Kokoszkiewicz
mail: draco@atari.org
http://draco.atari.org

** Ea natura multitudinis est,
** aut servit humiliter, aut superbe dominatur (Liv. XXIV,25)
*************************************************************
** Such is the nature of the common crowd: it either serves humbly
** or lords it insolently.