
Re: Hurd Advocacy?



> > The Hurd provides the same security protection that other POSIX systems,
> > including Linux, BSD, etc... If AROS runs as a user-level application
> > in the Hurd, it will be as secure as other user-level applications.
> > If it runs as a task (or set of tasks) directly on top of the microkernel
> > (Mach, L4, ...), it will be even more isolated from other tasks, including
> > Hurd tasks.
> 
> There are a couple of issues though you have to be aware of if you want to
> do that.  First of all, Mach is open to all sorts of DoS attacks.  L4 isn't,
> because all "global" effects are wrapped in system calls which require
> privileges (i.e., only the root task can call them).  So the root task becomes
> the arbiter on such privileged operations.  Of course we will have a generic
> rootserver that allows you to do that.  The only other thing that you then
> must be aware of is the DoS attack of bombarding other (server) threads with
> messages (which they will reject of course).  There is a feature in L4
> (redirector) that can be used to prevent that, but it causes an overhead on
> every IPC from that thread you use it for.  Still you might have to use a
> global redirector task in the system that controls which task is allowed to
> send messages to which other tasks (or subsystem, if that's a feature you
> want to have), for ultimate security.

Ummm... right. :-)

-- 
Farid Hajji. http://www.farid-hajji.net/address.html


