Re: Security models
From: Arne Babenhauserheide
Subject: Re: Security models
Date: Thu, 18 Dec 2008 21:24:46 +0100
User-agent: KMail/1.10.3 (Linux/2.6.25-gentoo-r7; KDE/4.1.3; x86_64; ; )
On Thursday 18 December 2008 09:06:15, olafBuddenhagen@gmx.net wrote:
> > (by the way: having a user process which manages a non-restricted
> > buffer should give almost the same advantages as giving memory
> > directly to the server, but without the drawbacks. And it should be
> > painless, since you'll most likely access the system process through a
> > library anyway, and the library can handle the buffering)
>
> No idea what you are talking about...
I'm talking about the case where a hardware-critical part is being accessed and the
operation would need much memory (like transmitting a very large file over the
network without having to do it in smaller parts on the program's side).
In that case a system server could run out of memory (or would need a high
amount of memory available to it).
This could be avoided very simply, though, by setting up a buffering server
with user permissions which makes sure that the hardware critical part only
gets the data in small chunks, while no other user process has to worry about
that buffer.
The memory for buffering would then be provided by the user, but the hardware
critical part (sending machine code to the network card) would be controlled
by root, so no user but root can shoot down a network card.
> Actually, I don't think that all people on this list know about remote
> attestation... OTOH, it was really only a reply to Michal -- I don't
> think there are many others reading this (sub)thread anymore :-)
:)
It's been interesting to me, though.
Thanks for participating!
Best wishes,
Arne
--
-- My stuff: http://draketo.de - stories, songs, poems, programs and stuff :)
-- Infinite Hands: http://infinite-hands.draketo.de - singing a part of the
history of free software.
-- Ein Würfel System: http://1w6.org - simply clean (role-playing) rules.
-- PGP/GnuPG: http://draketo.de/inhalt/ich/pubkey.txt
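
The split described in the message above, sketched as an added example that is not part of the original post or of any Hurd code: the privileged side keeps one fixed-size staging buffer and refuses larger requests, while the large buffer stays in the caller's memory. The names hw_server, hw_submit, buffered_send and the 1500-byte cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define SERVER_CHUNK 1500   /* assumed per-request cap inside the privileged server */

/* Privileged side (hypothetical): owns only one fixed-size staging buffer. */
struct hw_server {
    unsigned char staging[SERVER_CHUNK];
    size_t peak;            /* largest request ever staged */
    size_t sent;            /* total bytes handed to the "device" */
    unsigned long sum;      /* order-sensitive checksum standing in for the wire */
};

/* Accepts at most SERVER_CHUNK bytes and rejects anything larger instead of
 * allocating on the caller's behalf. Returns bytes accepted, or -1. */
static long hw_submit(struct hw_server *s, const unsigned char *p, size_t n)
{
    if (n == 0 || n > SERVER_CHUNK)
        return -1;
    memcpy(s->staging, p, n);
    if (n > s->peak) s->peak = n;
    for (size_t i = 0; i < n; i++)
        s->sum = s->sum * 31 + s->staging[i];
    s->sent += n;
    return (long)n;
}

/* User side (hypothetical library call): the large buffer lives in the
 * caller's memory; the server only ever sees SERVER_CHUNK-sized pieces. */
static long buffered_send(struct hw_server *s, const unsigned char *buf, size_t len)
{
    size_t off = 0;
    while (off < len) {
        size_t n = len - off;
        if (n > SERVER_CHUNK) n = SERVER_CHUNK;
        long r = hw_submit(s, buf + off, n);
        if (r < 0)
            return -1;
        off += (size_t)r;
    }
    return (long)off;
}

int main(void)
{
    static unsigned char file[100000];   /* constructed sample payload */
    struct hw_server s = {0};
    return buffered_send(&s, file, sizeof file) == (long)sizeof file ? 0 : 1;
}
```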