On Fri, 18 Aug 2006, Chuck Guzis wrote:
On 8/18/2006 at 3:17 PM Don wrote:
But, user applications can be developed using tools that fail to observe your conventions WITHIN their application.
I.e. it seems like the only mechanisms that you can put
in place are those that are invoked at protection boundaries.
(?)
Why are protections primarily reserved for OS-level tasks? Why not subset
protections within the user area? A user should be able to say that a
plugin or DLL should have only a certain limited number of privileges.
This is computationally expensive and complicated. Every time you have to
cross a privilege boundary you have to switch context, validate any data
going across and verify permissions. You also need an exact specification
of the interface for every such interface - if the system doesn't know
what your DLL is allowed to do, how can it stop it from doing what it
shouldn't? This is why this sort of pain is usually reserved for the
user-kernel interface.
Alexey
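As an added illustration of the point Alexey makes (this is not code from the thread or from any participant), here is a small user-space boundary of the kind Chuck asks for: the host gives a plugin a proxy instead of itself, keeps an exact specification of every operation the plugin may request, and on each crossing checks the permission, validates the arguments against the spec, and counts the crossing so the cost is visible. All names (`INTERFACE_SPEC`, `Host`, `Boundary`, `run_plugin`, the privilege strings and the sample plugins) are hypothetical.

```python
# Added example, not from the thread: a user-space privilege boundary that a
# host application puts between itself and a plugin. All names are hypothetical.
from typing import Any, Callable, Dict, Iterable, List, Tuple

# Exact specification of the interface: every operation a plugin may request
# across the boundary, the argument types it takes and the privilege it needs.
# Anything not listed here cannot be asked for, so the host knows what to stop.
INTERFACE_SPEC: Dict[str, Dict[str, Any]] = {
    "read_config": {"params": (), "requires": "config.read"},
    "log":         {"params": (str,), "requires": "log.write"},
    "write_file":  {"params": (str, bytes), "requires": "fs.write"},
}


class Host:
    """The trusted side: real state the plugin must not touch directly."""

    def __init__(self) -> None:
        self.config: Dict[str, str] = {"theme": "dark"}
        self.logs: List[str] = []
        self.files: Dict[str, bytes] = {}

    def read_config(self) -> Dict[str, str]:
        return dict(self.config)          # copy: no shared mutable state

    def log(self, message: str) -> None:
        self.logs.append(message)

    def write_file(self, path: str, data: bytes) -> None:
        self.files[path] = data


class Boundary:
    """What the plugin receives instead of the Host. Every call crosses here."""

    def __init__(self, host: Host, granted: Iterable[str]) -> None:
        self._host = host
        self._granted = frozenset(granted)
        self.crossings = 0                # the per-crossing cost the thread mentions

    def call(self, op: str, *args: Any) -> Any:
        self.crossings += 1
        spec = INTERFACE_SPEC.get(op)
        if spec is None:                                  # not in the spec at all
            raise PermissionError(f"{op}: not in interface specification")
        if spec["requires"] not in self._granted:          # permission check
            raise PermissionError(f"{op}: requires privilege {spec['requires']}")
        params = spec["params"]
        if len(args) != len(params) or not all(           # validate data crossing
            isinstance(a, t) for a, t in zip(args, params)
        ):
            raise TypeError(f"{op}: arguments do not match specification")
        return getattr(self._host, op)(*args)


def run_plugin(plugin: Callable[[Boundary], None], host: Host,
               granted: Iterable[str]) -> Tuple[str, int]:
    """Run a plugin behind a boundary; report the outcome and the crossings it cost."""
    boundary = Boundary(host, granted)
    try:
        plugin(boundary)
        return ("ok", boundary.crossings)
    except PermissionError as exc:
        return (f"denied: {exc}", boundary.crossings)
    except TypeError as exc:
        return (f"rejected: {exc}", boundary.crossings)


# Constructed sample plugins (hypothetical, for the demonstration only).
def theme_plugin(b: Boundary) -> None:
    theme = b.call("read_config")["theme"]
    b.call("log", f"theme is {theme}")


def greedy_plugin(b: Boundary) -> None:
    b.call("read_config")
    b.call("write_file", "/tmp/out", b"data")   # needs fs.write, which it was not granted


def sloppy_plugin(b: Boundary) -> None:
    b.call("log", 42)                           # wrong argument type at the boundary


if __name__ == "__main__":
    host = Host()
    grant = {"config.read", "log.write"}
    print(run_plugin(theme_plugin, host, grant))   # ('ok', 2)
    print(run_plugin(greedy_plugin, host, grant))  # denied at the second crossing
    print(run_plugin(sloppy_plugin, host, grant))  # rejected: bad argument types
    print(host.files)                              # {} -- nothing got through
```

The proxy only enforces anything if the plugin has no other route to the `Host` object; in a single Python process it does (attribute access on the proxy, for instance), which is Don's point about tools that ignore the convention inside the application. Making the boundary real means putting the plugin in a separate process or address space and passing only the `call` messages across, at which point every crossing carries the context switch and validation cost Alexey describes.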