
Re: SEUL: Re: Project clarification




   On Thu, 8 Jan 1998, Aldo Solari [APS] wrote:

   > 
   > Doesn't the modular nature of LinUX (say ... RedHat) allow for
   > incorporation of all GUI parameters in the kernel without having
   > a memory beast ?
   > 
   Such a thing would NEVER get accepted into the kernel.  There's plenty of
   future in command-line driven machines, AAMOF, there is no such thing as
   an OS WITHOUT a text-based command-line.  Integrating X into the kernel
   would make it impossible to run on a number of platforms, it would be
   slow, bloated, buggy.  In fact, it would take on MANY of the problems of
   Win95.  Even Win95 (in the computing world) is a minority, there are a
   number of OSs which have more than twice its usage.  TTYL!

Modules are there to ensure that the kernel remains small.  And GGI is
only the part managing the graphics card, more like SVGAlib than X.

The problem with the SVGAlib approach is that it is a big security
problem.  You cannot allow ordinary processes direct access to hardware,
so we only allow it to suid root programs.  Not a big problem if you
are only running X, because you have only X to watch.  But games are
slow on X and every program using SVGAlib needs to be suid root: they
are the perfect backdoor for viruses and worse.

Also the IOPL system call is a problem.  Originally a root program
could ask for direct access to ports with another system call.  Unhappily
the table for keeping track of this was fixed size and small, so for
programs needing access to high numbered ports, like X, the IOPL system
call was added, which allows the process to get full IO privileges on any
port, but the Intel architecture allows the user process to block
interrupts, and I think that it also allows using DMA, and DMA does not
respect segment limits.

GGI would allow us to get rid of these security concerns.

-- 
			Jean Francois Martinez

==================== The Linux.  Use the Linux, Luke! =======================
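
Added example, not part of the original message: a small audit script that lists setuid executables which reference SVGAlib, the class of program the message singles out as a risk. It assumes SVGAlib shows up as the byte string `libvga.so` inside a dynamically linked ELF file (a heuristic that misses static binaries); the function names and the sample tree are constructed for illustration.

```python
import os
import stat

ELF_MAGIC = b"\x7fELF"
SVGALIB_SONAME = b"libvga.so"  # assumption: SVGAlib is identified by its library name

def references_svgalib(path, limit=16 * 1024 * 1024):
    """Heuristic: an ELF file whose first `limit` bytes contain the SVGAlib soname."""
    try:
        with open(path, "rb") as fh:
            data = fh.read(limit)
    except OSError:
        return False
    return data.startswith(ELF_MAGIC) and SVGALIB_SONAME in data

def audit(root, owner_uid=0):
    """Sorted paths under root that are setuid, owned by owner_uid and use SVGAlib."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: a symlink is never treated as the binary
            except OSError:
                continue
            setuid_file = stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID
            if setuid_file and st.st_uid == owner_uid and references_svgalib(path):
                hits.append(path)
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample data: fake binaries owned by whoever runs the script."""
    samples = {
        "game_suid": (b"libvga.so.1", 0o4755),   # setuid + SVGAlib: reported
        "game_plain": (b"libvga.so.1", 0o755),   # SVGAlib but not setuid
        "tool_suid": (b"libc.so.6", 0o4755),     # setuid but no SVGAlib
    }
    for name, (soname, mode) in samples.items():
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(ELF_MAGIC + b"\0" * 12 + soname + b"\0")
        os.chmod(path, mode)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        # owner_uid defaults to 0 (root); the sample files belong to the current user
        print(audit(tmp, owner_uid=os.getuid()))
```

On a real system, `audit("/usr")` with the default `owner_uid=0` reports only root-owned setuid files.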