View Single Post
Old 27 March 2015, 13:47   #51
Mrs Beanbag
Glastonbridge Software
Mrs Beanbag's Avatar
Join Date: Jan 2012
Location: Edinburgh/Scotland
Posts: 2,202
Originally Posted by Minuous View Post
A stock A1200 can't run any modern version of AmigaOS (eg. OS3.9) anyway. And memory protection would be disabled for non-MMU systems, that doesn't mean MMU-equipped systems should be held back. That's a bit like not supporting AGA because some systems only have OCS.
Oh i entirely agree. But i still like to think about what can be done with a stock A1200, or even a stock A500 come to that (or at least, one with a 68010 installed).

Not really feasible to have security without one. Only way would be to run all programs via a CPU emulator, which would intercept memory accesses and do MMU-esque handling of such accesses. That would work in theory but performance would be awful.
Security is always relative, there will always be some way to compromise a system if someone is willing to try hard enough. An Amiga without an MMU can certainly be more secure than they currently are. A filesystem with some notion of user/system access levels could make it harder to compromise by OS-legal means. And i have mooted the possibility of RAM expansions that separate Supervisor and User address spaces.

Yes, some combination of API argument checking and/or fixes to eg. buffer overflow vulnerabilities that some OS functions have would be required before the system could be considered fully secure.
And that's not all. There are library functions that can be used to do all sorts of sinister things even with valid arguments, functions that allow one to patch OS calls, or enter the Supervisor CPU state. We should have some concept of privileged Exec functions. Also functions often give out addresses of structures that, if modified, could wreak havoc. With no memory protection of course in theory it would be possible to scan the entire RAM to find these sorts of things but currently things really are far too easy for any would-be hacker.
Mrs Beanbag is offline  
Page generated in 0.06432 seconds with 9 queries