On 8/19/2006 at 12:49 AM Alexey Toptygin wrote:
> This is computationally expensive and complicated. Every time you have to
> cross a privilege boundary you have to switch context, validate any data
> going across and verify permissions. You also need an exact specification
> of the interface for every such interface - if the system doesn't know
> what your DLL is allowed to do, how can it stop it from doing what it
> shouldn't? This is why this sort of pain is usually reserved for the
> user-kernel interface.
I don't think so. There is a subset of all DLLs that can be classified as
"trusted"--they know to check arguments and the operation is well-defined.
One might classify these as "friendly" DLLs and omit any sort of checking.
For all others, the calling program can specify a tighter degree of control
at the expense of more overhead.
Cheers,
Chuck
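As an added illustration of the two positions above (not code from either poster), the following C sketches a call gate between a caller and a loaded module. The module names, the `iface_spec` structure, the operation bitmask and the trust levels are all hypothetical; the point is to show what "validate any data going across and verify permissions" costs per call, and how a module classified as "friendly" can skip that path.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical call gate (constructed example, not from the thread):
 * a caller invokes a loaded module through this gate, and the gate
 * decides per module whether to check the call against an interface
 * specification or to pass it straight through. */

enum trust_level { TRUST_FRIENDLY, TRUST_UNTRUSTED };

#define OP_READ  0x1u
#define OP_WRITE 0x2u
#define MAX_XFER 64          /* gate-owned scratch size */

/* Interface specification: which operations the module may be asked to
 * perform and how much data may cross the boundary in a single call. */
struct iface_spec {
    unsigned allowed_ops;    /* bitmask of OP_* */
    size_t   max_len;        /* upper bound on buffer length */
};

typedef int (*entry_fn)(unsigned op, const char *buf, size_t len);

struct module {
    const char       *name;
    enum trust_level  trust;
    struct iface_spec spec;
    entry_fn          entry;
};

#define GATE_DENIED (-1)

/* Untrusted modules: check the operation against the spec, bound the
 * length, and copy the data into gate-owned storage so the callee never
 * touches the caller's memory (and cannot race a later re-read of it).
 * Friendly modules are called directly, trading the checks for speed. */
int call_through_boundary(const struct module *m, unsigned op,
                          const char *buf, size_t len)
{
    char scratch[MAX_XFER];

    if (m->trust == TRUST_FRIENDLY)
        return m->entry(op, buf, len);

    if ((op & ~m->spec.allowed_ops) != 0)
        return GATE_DENIED;            /* operation not in the interface spec */
    if (len > m->spec.max_len || len > sizeof scratch)
        return GATE_DENIED;            /* exceeds what the callee declared */

    memcpy(scratch, buf, len);         /* snapshot the data crossing the boundary */
    return m->entry(op, scratch, len);
}

/* Constructed module entry point: just reports how many bytes it saw. */
static int count_bytes(unsigned op, const char *buf, size_t len)
{
    (void)op; (void)buf;
    return (int)len;
}

/* Two constructed modules with different trust classifications. */
const struct module plugin_untrusted = {
    "plugin.dll", TRUST_UNTRUSTED, { OP_READ, 16 }, count_bytes
};
const struct module plugin_friendly = {
    "core.dll", TRUST_FRIENDLY, { OP_READ | OP_WRITE, MAX_XFER }, count_bytes
};

int main(void)
{
    const char msg[] = "hello";   /* constructed input, 6 bytes with the NUL */

    printf("untrusted read : %d\n",
           call_through_boundary(&plugin_untrusted, OP_READ, msg, sizeof msg));
    printf("untrusted write: %d\n",
           call_through_boundary(&plugin_untrusted, OP_WRITE, msg, sizeof msg));
    printf("friendly write : %d\n",
           call_through_boundary(&plugin_friendly, OP_WRITE, msg, sizeof msg));
    return 0;
}
```

The gate only works because the spec exists: without `allowed_ops` and `max_len` there is nothing to check against, which is the first poster's point, and the copy plus the checks are the per-call overhead the second poster accepts in exchange for being able to tighten control on modules that are not classified as friendly.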