
Re: [f-cpu] TLB resume



On Wed, Aug 07, 2002 at 12:54:32AM +0200, nico wrote:
[...]
> > If supervisor mode is allowed to always access everything, you have a
> > big security hole.
> 
> Could you explain why ?

Because when a user process calls the OS kernel, the system call is
executed with supervisor access rights. That is, you can take an address
that you're not allowed to access and pass it to the kernel, and the
kernel *is* allowed to access it. You'll have to add rather expensive
memory bounds checks to almost every system call in order to prevent that.
Sacrificing three bits per TLB entry is cheaper (and more secure).

-- 
 Michael "Tired" Riepe <Michael.Riepe@stud.uni-hannover.de>
 "All I wanna do is have a little fun before I die"
*************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe f-cpu       in the body. http://f-cpu.seul.org/
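The hole the reply describes, shown as an added example in C (this is not code from the f-cpu list or project): a system call that copies data from a caller-supplied address, once trusting the address because supervisor mode can reach everything, and once with the kind of per-call bounds check the mail says would otherwise be needed. The flat address space, its user/kernel split, the "secret" and the name `access_ok` are all constructed for the demo; the three TLB bits the mail prefers are not modelled.

```c
/* Added example, not from the f-cpu list or project: a toy model of a
 * system call that copies from a caller-supplied address, first without
 * and then with a user-address bounds check. The address space, the
 * user/kernel split and the secret are constructed for the demo. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define EFAULT 14          /* errno value, used here only as a return code */

/* Constructed flat address space: low half is "user", high half is "kernel". */
#define MEM_SIZE   4096u
#define USER_BASE  0u
#define USER_LIMIT 2048u   /* first address the user is NOT allowed to touch */

static uint8_t mem[MEM_SIZE];
static const char kernel_secret[] = "root-key";   /* 9 bytes incl. NUL */

static void reset_memory(void) {
    memset(mem, 0, sizeof mem);
    memcpy(mem + USER_BASE, "hello", 5);                     /* user's own data */
    memcpy(mem + 3000, kernel_secret, sizeof kernel_secret); /* kernel-only data */
}

/* Naive syscall: supervisor mode can reach everything and the kernel
 * trusts the address the user passed. Returns bytes copied. */
static long sys_read_naive(uint32_t uaddr, uint32_t len, uint8_t *kbuf) {
    if ((uint64_t)uaddr + len > MEM_SIZE)
        return -EFAULT;    /* only keeps the model inside the array */
    memcpy(kbuf, mem + uaddr, len);
    return (long)len;
}

/* The bounds check the mail says almost every syscall would need.
 * Written as a subtraction so that uaddr + len cannot wrap around. */
static int access_ok(uint32_t uaddr, uint32_t len) {
    if (uaddr < USER_BASE || uaddr >= USER_LIMIT)
        return 0;
    return len <= USER_LIMIT - uaddr;
}

/* Checked syscall: refuses any range that is not entirely user memory. */
static long sys_read_checked(uint32_t uaddr, uint32_t len, uint8_t *kbuf) {
    if (!access_ok(uaddr, len))
        return -EFAULT;
    memcpy(kbuf, mem + uaddr, len);
    return (long)len;
}

/* Returns 1 if the syscall copied the kernel secret into the caller's buffer. */
static int leaks_secret(long (*syscall)(uint32_t, uint32_t, uint8_t *)) {
    uint8_t out[sizeof kernel_secret] = {0};
    reset_memory();
    long r = syscall(3000, sizeof kernel_secret, out);   /* kernel address */
    return r > 0 && memcmp(out, kernel_secret, sizeof kernel_secret) == 0;
}

int main(void) {
    uint8_t buf[5];
    reset_memory();
    printf("naive leaks secret:   %d\n", leaks_secret(sys_read_naive));
    printf("checked leaks secret: %d\n", leaks_secret(sys_read_checked));
    printf("legit user read:      %ld\n", sys_read_checked(0, 5, buf));
    printf("wraparound rejected:  %d\n", access_ok(100, 0xFFFFFFF0u) == 0);
    return 0;
}
```

The naive path returns the secret because nothing between the user's argument and the copy distinguishes user memory from kernel memory. The checked path adds that distinction in software, once per syscall; the subtraction in `access_ok` matters because an attacker-chosen `len` close to 2^32 would otherwise wrap `uaddr + len` back into the user range. The mail's alternative puts the same distinction into the TLB entry so the hardware, not each syscall, enforces it.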