
Re: Hurd Advocacy?



On Wed, Aug 20, 2003 at 10:11:17AM +0200, Farid Hajji wrote:
> The Hurd provides the same security protection that other POSIX systems,
> including Linux, BSD, etc... If AROS runs as a user-level application
> in the Hurd, it will be as secure as other user-level applications.
> If it runs as a task (or set of tasks) directly on top of the microkernel
> (Mach, L4, ...), it will be even more isolated from other tasks, including
> Hurd tasks.

There are a couple of issues though you have to be aware of if you want to
do that.  First of all, Mach is open to all sorts of DoS attacks.  L4 isn't,
because all "global" effects are wrapped in system calls which require
privileges (i.e., only the root task can call them).  So the root task becomes
the arbiter on such privileged operations.  Of course we will have a generic
rootserver that allows you to do that.  The only other thing that you then
must be aware of is the DoS attack of bombarding other (server) threads with
messages (which they will reject of course).  There is a feature in L4
(redirector) that can be used to prevent that, but it causes an overhead on
every IPC from that thread you use it for.  Still you might have to use a
global redirector task in the system that controls which task is allowed to
send messages to which other tasks (or subsystem, if that's a feature you
want to have), for ultimate security.

This thread is not off-topic, but on the wrong list :)

Thanks,
Marcus

-- 
`Rhubarb is no Egyptian god.' GNU      http://www.gnu.org    marcus@gnu.org
Marcus Brinkmann              The Hurd http://www.gnu.org/software/hurd/
Marcus.Brinkmann@ruhr-uni-bochum.de
http://www.marcus-brinkmann.de/
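
The trade-off described in the message above, as an added example that is not part of the original post and does not use the L4 API: a toy model in which only the root task may install a redirector, and a redirected sender pays one extra transfer on every IPC while denied messages never reach the server. All names (`sim`, `set_redirector`, `ipc_send`, `flood`) and the allow matrix are hypothetical.

```c
/* Toy model of the redirector idea; not the L4 API. All names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
enum { ROOT, REDIRECTOR, SERVER, CLIENT, NTASKS };
struct sim {
    int      redirector_of[NTASKS];  /* -1 = sends directly, else intercepting task */
    bool     allow[NTASKS][NTASKS];  /* redirector policy: allow[src][dst] */
    unsigned received[NTASKS];       /* messages each destination had to look at */
    unsigned transfers;              /* IPC transfers performed in total */
};
void sim_init(struct sim *s) {
    memset(s, 0, sizeof *s);
    for (int t = 0; t < NTASKS; t++) s->redirector_of[t] = -1;
}

/* Global effect, so privileged: only the root task may set a redirector. */
bool set_redirector(struct sim *s, int caller, int task, int redir) {
    if (caller != ROOT) return false;
    s->redirector_of[task] = redir;
    return true;
}

/* One send; returns true if the message reached dst. */
bool ipc_send(struct sim *s, int src, int dst) {
    int r = s->redirector_of[src];
    if (r >= 0 && r != dst) {
        s->transfers++;                         /* extra hop on every IPC */
        if (!s->allow[src][dst]) return false;  /* dropped before dst sees it */
    }
    s->transfers++;
    s->received[dst]++;
    return true;
}

/* Send n messages from src to dst; returns how many reached dst. */
unsigned flood(struct sim *s, int src, int dst, unsigned n) {
    unsigned got = 0;
    while (n--) got += ipc_send(s, src, dst);
    return got;
}

int main(void) {
    struct sim s; sim_init(&s);
    printf("direct: %u reach server\n", flood(&s, CLIENT, SERVER, 100));
    set_redirector(&s, ROOT, CLIENT, REDIRECTOR);
    printf("redirected, denied: %u reach server\n", flood(&s, CLIENT, SERVER, 100));
    return 0;
}
```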


