31 July 2015, 20:10   #119
meynaf
son of 68k
Join Date: Nov 2007
Location: Lyon / France
Age: 44
Posts: 2,459
Quote:
Originally Posted by Mrs Beanbag
How does it do that? It has to exploit holes in the operating system's security model, surely. You can't force your way through the hardware.
How does it do that? Well, do you remember the last time you got some malware? Perhaps you can study it to find out.


Quote:
Originally Posted by Mrs Beanbag
You put a lot of emphasis on spam-factories though, this is not the only reason to hack someone's machine.
Not the only reason, but a very common one.


Quote:
Originally Posted by Mrs Beanbag
Well there are no (known) holes in the XBox 360 security model. There was one bug in the code when it was first released, which they fixed. Now the only way to hack this machine is to modify the hardware. It's doable... but obviously not remotely.
No known hole doesn't mean no hole at all.


Quote:
Originally Posted by Mrs Beanbag
Well, consider your idea of being able to turn it off. If a user process can turn it off, anyone can turn it off. How can you allow the user to turn off protection, without letting malicious code do so? This, of course, is the general crux of the security problem.
If the user can format his hard drive, then malicious code also can?
If not, why would turning memory protection off be allowed for malicious code for the sole reason that the user is allowed to do so?


Quote:
Originally Posted by Mrs Beanbag
You could, perhaps, implement a model like the XBox 360 uses, where only signed code can use kernel space, and where the user can sign their own code (but don't keep the private key on the same machine!)
What would prevent hackers from signing their code too?


Quote:
Originally Posted by Mrs Beanbag
A possible alternative to hardware memory protection is something like the Java model, run everything in a sort of virtual machine. I'm personally sceptical of claims that Java can outperform C code but that is what some people say. Apparently there are Java exploits too, though.
Sandboxes are secure but not 100%. Especially not Java (which is indeed one of the slowest languages I've seen so far).


Quote:
Originally Posted by Mrs Beanbag
Ultimately, if you are writing a general purpose OS I think the best you can do is try to stay as far ahead of the hackers as you can.
I do not fear hackers.
I'm a lot more concerned about the hardware.


Having a system that can work without memory protection means that it can work without an MMU, which, you have to admit, is:
1. Absolutely mandatory for memory protection,
2. Quite costly to implement in a soft core, which seems the only option we have now.
Killing that ability for "security" doesn't sound clever to me.
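The signed-kernel-code model quoted above (only signed code enters kernel space, the user signs their own code, the private key stays off the machine) comes down to one check in the loader: the signature must verify under a key the loader has been told to trust. The following Go program is an added illustration written for this page, not code from the thread or from any Xbox or Amiga system; it uses Ed25519 from Go's standard library, and the type names, the "driver.ko" module name and the sample bytes are all constructed for the example. It shows the three cases the exchange argues about: the user's own module is admitted, a module that an attacker signs with a key of their own is rejected even though that signature is cryptographically valid, and a signed module that is modified afterwards is rejected as well.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// SignedModule is a constructed container for code that wants to run in
// kernel space: the image plus a detached signature over (name, code).
type SignedModule struct {
	Name string
	Code []byte
	Sig  []byte
}

// Loader stands in for the kernel's code-signing check. It holds public keys
// only; the matching private keys never have to exist on the protected machine.
type Loader struct {
	trusted []ed25519.PublicKey
}

// NewLoader enrolls the public keys whose signatures the loader will accept.
func NewLoader(keys ...ed25519.PublicKey) *Loader {
	return &Loader{trusted: keys}
}

// signingInput binds the module name to its bytes with a length prefix, so a
// signature made for one (name, code) pair cannot be reused for another.
func signingInput(name string, code []byte) []byte {
	var buf bytes.Buffer
	var n [4]byte
	binary.BigEndian.PutUint32(n[:], uint32(len(name)))
	buf.Write(n[:])
	buf.WriteString(name)
	buf.Write(code)
	return buf.Bytes()
}

// Sign is the step the user performs on the machine that holds the private key.
func Sign(priv ed25519.PrivateKey, name string, code []byte) SignedModule {
	return SignedModule{
		Name: name,
		Code: append([]byte(nil), code...),
		Sig:  ed25519.Sign(priv, signingInput(name, code)),
	}
}

// Admit returns nil only if the signature verifies under an enrolled public key.
// A signature made with any other key is rejected no matter how well-formed it is.
func (l *Loader) Admit(m SignedModule) error {
	if len(m.Sig) != ed25519.SignatureSize {
		return errors.New("malformed signature")
	}
	msg := signingInput(m.Name, m.Code)
	for _, pub := range l.trusted {
		if ed25519.Verify(pub, msg, m.Sig) {
			return nil
		}
	}
	return fmt.Errorf("module %q: signature not made by any enrolled key", m.Name)
}

// Demo runs the three cases from the discussion and reports each outcome.
func Demo() (ownAdmitted, attackerRejected, tamperRejected bool, err error) {
	userPub, userPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	kernel := NewLoader(userPub) // only the user's key is enrolled

	code := []byte("constructed sample module image") // constructed sample input
	ownAdmitted = kernel.Admit(Sign(userPriv, "driver.ko", code)) == nil

	// The attacker signs the same code with a key they generated themselves:
	// a valid signature, but not under a key the loader trusts.
	attackerRejected = kernel.Admit(Sign(attackerPriv, "driver.ko", code)) != nil

	// A byte of the user's signed module is changed after signing.
	tampered := Sign(userPriv, "driver.ko", code)
	tampered.Code[0] ^= 0x01
	tamperRejected = kernel.Admit(tampered) != nil
	return
}

func main() {
	own, att, tam, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("own admitted: %v, attacker-signed rejected: %v, tampered rejected: %v\n", own, att, tam)
}
```

Run it with `go run main.go`. The design choice worth noticing is that the loader never holds a private key, so compromising the protected machine yields nothing an attacker can sign with; the question of who may enroll a public key into the loader, and how that enrollment itself is protected, is the part of the model the thread does not settle.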