[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [PATCH] - fix for local root exploit in exim 3.35.

On Fri, Dec 20, 2002 at 01:05:15AM +0100, Ulrich Eckhardt wrote:
> On Thursday 19 December 2002 23:38, Matthew McGuire wrote:
> > Case in point,
> > an MS patent regarding Palladium like software architecture are broad
> > enough in definition to threaten projects like the HURD. Ironically, I
> > believe the HURD could be used as an example of prior art in this case
> > as well.
> Could you elaborate a bit what you meant with that ? Just curious ...
> thanks
> Uli

Although it has been some time since I reviewed the patent (No. 6,185,678), 
I noted that with the exception of the use of hardware the authorization 
method is very similar to the HURD 'auth' server setup.

In Palladium - 
As I interpret it, the BIOS loads base system which contains a certified 
software authority. This embedded app is responsible for determining the
validity of any software executed further. It will permit or deny access 
based on an external certification registry. (That's the scary part.)

In the HURD - 
As I remember it, the system boots up using GRUB, which starts GnuMach. 
Then the auth and filesystem servers are started and establich 
communication with each other. Then the rest of the base system is 
loaded. As each following piece is loaded the auth server either permits 
or denies any further usage of system resources. All communication, 
memory allocation, and hardware access is managed by the auth server.

Conceptualy the two seem directly similar in design and purpose. HURD 
just does the same thing without the hardware. Truthfully the HURD is 
not really complete, but the majority of the design is already 
implemented. The patent was filed in 2001, so the HURD's design outdates 
the Palladium one. Sadly, the legal experts will probably note that the 
inclusion of hardware in the patent seperates it from the HURD enough 
for it to pass. Which irritates me to no end.

They seem too similar for the patent to be considered an original 


Matthew McGuire

PS: Not real sure about the memory allocation role of 'auth' in the 
HURD, but I think it was in the initial design.

Reply to: