"Khimenko Victor" <khim@sch57.msk.ru> said:
> In <20000725201630.E437@gnu.org> Adam Sampson (azz@gnu.org) wrote:
[...]
> > (Imagine an OS which ran everything under an emulated processor---it would
> > be easy to trap hardware accesses and validate them.)
> Trap - maybe. Validate - hardly. Malicious IDE code is small enough to
> fit in a boot sector. How will you distinguish a good LiLo try to change
> the boot sector from a bad cracker?
Maybe it can be done. But to try to discern "safe" from "unsafe" code is
_very_ hard, even in a fully controlled environment: Witness Java bytecode
validator screwups over the years. And Java bytecode is much simpler and
much more restricted in what it should be able to do.
The bottom line here is: Yes, it can be done (in principle at least; but
that could very well mean that the standard has to be done over). Yes,
having it would be useful. Not very much, but somewhat useful anyway. But
the cost to do it right in software (kernel) alone is astronomical, and a
half-assed job just doesn't cut the mustard. So, better leave it alone,
place a generic safeguard on it, and hand root (or the sysadmin) the
responsibility of doing it right. Remember that the kernel is just _one_
piece of a much larger system that includes hardware, assorted other
software, and people. Give each part of the job to the part of the system
which is able to do it best (or at the least cost).
--
Dr. Horst H. von Brand                       mailto:vonbrand@inf.utfsm.cl
Departamento de Informatica                  Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria           +56 32 654239
Casilla 110-V, Valparaiso, Chile             Fax:  +56 32 797513
This archive was generated by hypermail 2b29 : Mon Jul 31 2000 - 21:00:21 EST