Re: Network performance

Aaron Ucko (UCKO@vax1.rockhurst.edu)
Mon, 01 Jul 1996 14:20:29 -0600 (CST)


> Interesting...how was this made secure? The OS must have implemented shared
> libs in such a way that library code was privileged but user code wasn't...
> I don't even want to THINK about statically linked binaries! :-) Reminds
> me of Hurd, though.
>
> Why does the library code need to be privileged? Read and write can be built
> out of memory mapping primitives without security problems so long as the
> kernel implements the proper access rights on the underlying mapped object.
> Naturally, installing a new type manager required the appropriate access rights
> itself. As for static linking, the global libraries were *never* statically
> linked into anything. It just wasn't possible or necessary.
>
> Leonard
>
>
>The system of privileged libraries is used in IBM's MVS (don't shoot,
>please); it would be nice to have it for SVGAlib games. Running too
>many programs suid root, and especially games, makes me nervous: it is an
>open door to viruses. With privileged libraries the program would be
>suid root only when executing library code (got from a secure source) and
>not the entire game you don't know where it comes from.

Secure privileged libraries would cause too many headaches to be worth the
trouble. Besides, a better solution to the SVGAlib situation is in the
works anyway: GGI. GGI would add a small amount of code to the kernel to
allow for safe video card access by everyday programs, so that SVGAlib
programs, X servers, etc. would no longer have to be setuid.

-- 
Aaron Ucko (ucko@vax1.rockhurst.edu; finger for PGP public key) | Geek Code
3.1 [for explanation, finger hayden@mankato.msus.edu]: GCS/M/S/C d- s+: a18
C++(+++)>++++ UL++>+++ P++(+++) L+++(++++)>+++++ E- W+(-) N++(+) o+ K- w---
O M-@ V-(--) PS++(+++) PE- Y+ PGP(+) t(+) !5 X-- R(-) tv-@ b++(+++) DI+ D--
G++(+++) e>+++++(*) h!>+ r-(--)>+++ y? | "That's right," he said. "We're
philosophers.  We think, therefore we am." -- Terry Pratchett, _Small Gods_