httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Peter J. Cranstone" <cransto...@comcast.net>
Subject RE: pgp trust for https?
Date Wed, 09 Nov 2005 20:11:56 GMT
No problem - Itanium has the architecture you need. You can isolate all the
physical memory into compartments controlled by a protection key. Each
compartment has the ability to individually control read, write and execute
privileges.  

Peter
cranstone1@comcast.net 

-----Original Message-----
From: Paul A Houle [mailto:ph18@cornell.edu] 
Sent: Wednesday, November 09, 2005 1:07 PM
To: dev@httpd.apache.org
Subject: Re: pgp trust for https?

Peter J. Cranstone wrote:

>Currently Windows, Linux and Unix only use two levels of privilege - Ring 3
>and Ring 0. Everybody and there uncle's code want to run at Ring 0. Another
>really bad idea, as once I introduce a network/video/keyboard/whatever
>driver at that level I can execute malicious code. From there I can control
>the machine.
>
>  
>
    You'd need a new hardware architecture for ring 1 drivers to be 
worth it.  The trouble is that drivers can initiate DMA operations 
against physical memory.  Unless you devise some system where the OS can 
veto DMA operations,  protection in the CPU is worthless.


Mime
View raw message