On Fri, 14 Dec 2001, Dominik Kubla wrote:
> On Thu, Dec 13, 2001 at 01:34:45PM -0500, Richard B. Johnson wrote:
> >
> > Well RAM is a hell of a lot cheaper than NVRAM. If you don't have
> > the required RAM on your box, the hardware engineers screwed up
> > and have to be "educated" preferably with an axe in the parking-lot.
> >
>
> What about security issues? I can imagine quite a few scenarios where
> you would want to insure that you run untampered binaries. (eg. use
> ROM instead of the usual CD-ROM or read-only FD to run your security
> critical application.)
>
I never even implied that you would run CD-ROM or FD in embedded
applications. The stuff that runs comes-from ROM, actually NVRAM so
in can be written/updated in production. However, EIP software
(Execute In Place) has always been a dog and, even Ethernet switches
3COM, Cisco, etc., don't run that way. You need to get the stuff
that runs into RAM.
Security isn't a problem with embedded systems because everything
that could possibly be done is handled with a "monitor". There is
no shell. If there is no way to execute some foreign executable,
you don't have a security issue unless some dumb alleged software
engineer added some back-doors to the monitor.
Cheers,
Dick Johnson
Penguin : Linux version 2.4.1 on an i686 machine (799.53 BogoMips).
Santa Claus is coming to town...
He knows if you've been sleeping,
He knows if you're awake;
He knows if you've been bad or good,
So he must be Attorney General Ashcroft.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Dec 23 2001 - 21:00:13 EST