Re: [PATCH] - fix for local root exploit in exim 3.35.
On Fri, Dec 20, 2002 at 01:05:15AM +0100, Ulrich Eckhardt wrote:
> On Thursday 19 December 2002 23:38, Matthew McGuire wrote:
> > Case in point,
> > an MS patent regarding Palladium like software architecture are broad
> > enough in definition to threaten projects like the HURD. Ironically, I
> > believe the HURD could be used as an example of prior art in this case
> > as well.
>
> Could you elaborate a bit what you meant with that ? Just curious ...
>
> thanks
> Uli
>
Although it has been some time since I reviewed the patent (No. 6,185,678),
I noted that with the exception of the use of hardware the authorization
method is very similar to the HURD 'auth' server setup.
In Palladium -
As I interpret it, the BIOS loads base system which contains a certified
software authority. This embedded app is responsible for determining the
validity of any software executed further. It will permit or deny access
based on an external certification registry. (That's the scary part.)
In the HURD -
As I remember it, the system boots up using GRUB, which starts GnuMach.
Then the auth and filesystem servers are started and establich
communication with each other. Then the rest of the base system is
loaded. As each following piece is loaded the auth server either permits
or denies any further usage of system resources. All communication,
memory allocation, and hardware access is managed by the auth server.
Conceptualy the two seem directly similar in design and purpose. HURD
just does the same thing without the hardware. Truthfully the HURD is
not really complete, but the majority of the design is already
implemented. The patent was filed in 2001, so the HURD's design outdates
the Palladium one. Sadly, the legal experts will probably note that the
inclusion of hardware in the patent seperates it from the HURD enough
for it to pass. Which irritates me to no end.
They seem too similar for the patent to be considered an original
invention.
Foo,
Matthew McGuire
PS: Not real sure about the memory allocation role of 'auth' in the
HURD, but I think it was in the initial design.
Reply to: