31 July 2015, 17:56   #117
Mrs Beanbag
Glastonbridge Software
Join Date: Jan 2012
Location: Edinburgh/Scotland
Posts: 2,202
Originally Posted by meynaf:
> The point is that, even though code can do fewer things under memory protection, what it can do is largely enough to mess up things a lot and get enough control to turn your machine into a spam-sending zombie - and at the end, there is no difference (apart from the reduced freedom under the protected system).
How does it do that? It has to exploit holes in the operating system's security model, surely. You can't force your way through the hardware.

You put a lot of emphasis on spam-factories though, this is not the only reason to hack someone's machine.

Originally Posted by meynaf:
> You seem to want an "ideal" system in which there are no security holes. In that case, indeed it would be worth the trouble. But I'm afraid that this simply can't exist.
Well, there are no (known) holes in the Xbox 360 security model. There was one bug in the code when it was first released, which they fixed. Now the only way to hack this machine is to modify the hardware. It's doable... but obviously not remotely.

Originally Posted by meynaf:
> Anyway, what do you have against a system where memory protection is an option? Why the heck can't we be true supervisors of our own machines?
Well, consider your idea of being able to turn it off. If a user process can turn it off, anyone can turn it off. How can you allow the user to turn off protection, without letting malicious code do so? This, of course, is the general crux of the security problem.

You could, perhaps, implement a model like the Xbox 360 uses, where only signed code can use kernel space, and where the user can sign their own code (but don't keep the private key on the same machine!)

A possible alternative to hardware memory protection is something like the Java model, run everything in a sort of virtual machine. I'm personally sceptical of claims that Java can outperform C code but that is what some people say. Apparently there are Java exploits too, though.

Ultimately, if you are writing a general purpose OS I think the best you can do is try to stay as far ahead of the hackers as you can.
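The "only signed code gets into kernel space, and the signing key lives on another machine" model described in the post, as an added example that is not part of the original post and is not Xbox 360 code. The names `Loader`, `SigningStation` and `LoadKernelModule` are assumptions made up for the illustration; Ed25519 from Go's standard library stands in for whatever signature scheme a real kernel would use. The loader embeds only the public key, so the machine being protected never holds anything that could sign new code, which is exactly why a user process (or malware running as one) cannot grant itself kernel access:

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// ErrUnsigned is returned for any blob whose signature does not verify
// against the pinned key: missing, truncated, tampered, or made with
// some other key. The loader does not distinguish these cases.
var ErrUnsigned = errors.New("loader: signature does not verify against trusted key")

// Loader models the kernel-side check (assumed name, not a real OS API).
// It holds only the public half of the signing key; the private half is
// never present on this machine.
type Loader struct {
	trusted ed25519.PublicKey
}

// NewLoader pins the one public key that kernel-space code must be signed with.
func NewLoader(pub ed25519.PublicKey) *Loader {
	return &Loader{trusted: pub}
}

// LoadKernelModule admits blob into "kernel space" only if sig is a valid
// Ed25519 signature over the exact bytes of blob. A single flipped byte in
// the code, or a signature produced by a different key, is refused.
func (l *Loader) LoadKernelModule(blob, sig []byte) error {
	if len(sig) != ed25519.SignatureSize {
		return ErrUnsigned
	}
	if !ed25519.Verify(l.trusted, blob, sig) {
		return ErrUnsigned
	}
	return nil
}

// SigningStation models the user's separate signing machine (assumed name).
// It is the only place the private key exists.
type SigningStation struct {
	priv ed25519.PrivateKey
}

// NewSigningStation generates a fresh keypair and hands back the public key
// so it can be compiled into the Loader on the protected machine.
func NewSigningStation() (*SigningStation, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &SigningStation{priv: priv}, pub, nil
}

// Sign produces the detached signature that must accompany blob.
func (s *SigningStation) Sign(blob []byte) []byte {
	return ed25519.Sign(s.priv, blob)
}

func main() {
	// Offline step: the user's signing machine creates the keypair.
	station, pub, err := NewSigningStation()
	if err != nil {
		panic(err)
	}
	// Protected machine: the loader is built with the public key only.
	loader := NewLoader(pub)

	// Constructed sample input standing in for a kernel module image.
	module := []byte("constructed: pretend kernel module bytes")
	sig := station.Sign(module)
	fmt.Println("signed module:", loader.LoadKernelModule(module, sig))

	// Malware that modifies the module after signing is refused.
	tampered := append([]byte(nil), module...)
	tampered[0] ^= 0x01
	fmt.Println("tampered module:", loader.LoadKernelModule(tampered, sig))

	// Malware with its own key is refused too: the loader trusts one key.
	attacker, _, _ := NewSigningStation()
	fmt.Println("attacker-signed module:", loader.LoadKernelModule(module, attacker.Sign(module)))
}
```

The same gate can front a "turn memory protection off" request: the request becomes a signed blob, so only someone holding the offline key can issue it, which answers the "if the user can turn it off, anyone can" objection without taking the option away from the owner.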