> > The Hurd provides the same security protection that other POSIX systems
> > (Linux, BSD, etc.) provide. If AROS runs as a user-level application
> > in the Hurd, it will be as secure as other user-level applications.
> > If it runs as a task (or set of tasks) directly on top of the microkernel
> > (Mach, L4, ...), it will be even more isolated from other tasks, including
> > Hurd tasks.
>
> There are a couple of issues, though, you have to be aware of if you want to
> do that. First of all, Mach is open to all sorts of DoS attacks. L4 isn't,
> because all "global" effects are wrapped in system calls which require
> privileges (i.e., only the root task can call them). So the root task becomes
> the arbiter on such privileged operations. Of course we will have a generic
> rootserver that allows you to do that. The only other thing that you then
> must be aware of is the DoS attack of bombarding other (server) threads with
> messages (which they will reject, of course). There is a feature in L4
> (redirector) that can be used to prevent that, but it causes an overhead on
> every IPC from the thread you use it for. Still, you might have to use a
> global redirector task in the system that controls which task is allowed to
> send messages to which other tasks (or subsystem, if that's a feature you
> want to have), for ultimate security.
Ummm... right. :-)

-- 
Farid Hajji. http://www.farid-hajji.net/address.html

