- Subject: Re: Security in MiNT
- Date: Sun, 08 May 1994 19:07:26 +0100
- From: "C.P.Briscoe-Smith" <cpbs@ukc.ac.uk>
-
- Hullo there!
-
- Thierry wrote:
-
- >There are some security holes which will be difficult to plug. For
- >instance, any user process can call Super(0L) to switch the
- >microprocessor into supervisor mode, raise the IPL mask to seven, and
- >enter a tight loop (or even nastier). Nice, isn't it?
- >
- >Of course, you could think of making Super() and Supexec() usable only
- >by root, but since the MiNTlibs need one of these functions to scan the
- >cookie jar (and test for the presence of MiNT), it's not realistic.
-
- What about making new system calls to store and retrieve cookies?
-
- At the moment, any process that wants to install a cookie in the jar
- must either write the cookie into the memory area belonging to another
- process, or remove the reference to that process's memory area, and
- make a new area that's larger than the old (which is itself slightly
- wasteful as it leaves old cookie jars lying around in memory!)
-
- If the cookie jar was administered by the kernel, I feel things would
- be cleaner, and it would be a step towards making MiNT more secure,
- too.
-
- If the jar was still maintained at the current address, existing
- programs would still be able to manipulate it, but later on Supexec()
- could be made root-only, and security tightened up.
-
- What do you think?
-
- --
- Charles Briscoe-Smith
- 2nd Year student of Computer Science
- University of Kent at Canterbury, United Kingdom, European Union.
-
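Added example, not part of the original message and not MiNT source code: a minimal C model of the kernel-administered cookie jar proposed above, where processes read and install cookies through calls instead of entering supervisor mode and writing to the jar themselves. The names `k_get_cookie` and `k_set_cookie`, the error codes and the 8-slot jar size are assumptions; the layout (tag/value pairs ending in a zero-tag entry whose value is the slot count) is the usual Atari cookie jar convention.

```c
#include <stddef.h>
#include <stdint.h>

/* Cookie jar layout: (tag, value) pairs; the last entry has tag 0 and
 * its value holds the total number of slots in the jar. */
typedef struct { uint32_t tag, value; } cookie_t;

#define JAR_SLOTS 8                    /* assumed size for this model */
enum { E_OK = 0, E_NOTFOUND = -1, E_FULL = -2, E_INVAL = -3 };  /* assumed codes */

/* Kernel-owned storage: no process writes into another's memory. */
static cookie_t jar[JAR_SLOTS] = { { 0, JAR_SLOTS } };

/* Hypothetical call: read a cookie without Super()/Supexec(). */
int k_get_cookie(uint32_t tag, uint32_t *value)
{
    if (tag == 0 || value == NULL)
        return E_INVAL;
    for (size_t i = 0; jar[i].tag != 0; i++) {
        if (jar[i].tag == tag) {
            *value = jar[i].value;
            return E_OK;
        }
    }
    return E_NOTFOUND;
}

/* Hypothetical call: update a cookie in place, or append one by moving
 * the terminator up a slot. The jar is never reallocated, so no stale
 * copies are left behind. */
int k_set_cookie(uint32_t tag, uint32_t value)
{
    size_t i;
    if (tag == 0)
        return E_INVAL;                /* tag 0 is reserved for the terminator */
    for (i = 0; jar[i].tag != 0; i++) {
        if (jar[i].tag == tag) {
            jar[i].value = value;
            return E_OK;
        }
    }
    if (i + 1 >= jar[i].value)         /* no room for cookie plus terminator */
        return E_FULL;
    jar[i + 1] = jar[i];               /* move terminator (keeps slot count) */
    jar[i].tag = tag;
    jar[i].value = value;
    return E_OK;
}
```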