Subject: Re: Looking ahead
To: NetBSD Embedded Systems Technical Discussion List <tech-embed@NetBSD.org>
From: Allen Briggs <briggs@netbsd.org>
List: tech-embed
Date: 06/05/2007 13:53:56
--a8Wt8u1KmwUX3Y2C
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Jun 05, 2007 at 01:22:07PM -0400, Greg A. Woods wrote:
> > * Support for layered security for LKMs (LKMs have no access to
> > ring 0 on x86?)
> That last idea seems contrary to the very idea of embedded systems in
> general, never mind contrary to fundamental good security goals overall.
I'd be interested to see more discussion about this. I don't
know the x86 privilege model and don't currently have much interest
in x86-based embedded systems, but it seems reasonable to give LKMs
different levels of trust.
As I mentioned, I see "embedded" running a pretty wide range of
systems and applications. I tend toward working with/on the smaller,
networked, minimal/serial console kind of systems, but others might
be handheld PCs, game systems, metro-scale routers, DVRs, etc. There
are some cases where I can see LKMs in use and yet not fully trusted
with full system access.
-allen
--=20
Allen Briggs | http://www.ninthwonder.com/~briggs/ | briggs@ninthwonder=
=2Ecom
--a8Wt8u1KmwUX3Y2C
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (NetBSD)
iQEVAwUBRmWjNGIPSzajGzeGAQILKggA8+NNX95DCM5v3bDWEAdhnGcaN4c/H2wK
PFBUHoMEHa706H1H8FOY7lJhK9hb+wo7/gwfHGg82tafbEy+e8b811dM5sKDA7nH
k4mhSmAZCqB+hL2KOY7c8Y/AdG7tHuyvuLK9VHuapjDESn4njjIMdvkPBNzwzfW7
LQaceBrV8+cL+LqOJ5bv4Oa0+2+pCWS9O2z6EnOLcAmknxpydF+hGwDar+BFja+Y
N5tVUg/54OL3YosKJASgBLR76FJskJ67pZkfy+KWyUW5AGfnWexvPRSvLFtFkoTo
3VUAv+qiZe4pttpaQzBQ0+AJdrktmMqMY9akM+us555sWcuE8ExaTg==
=gQN/
-----END PGP SIGNATURE-----
--a8Wt8u1KmwUX3Y2C--