On Wednesday 26 April 2006 19:17, Jonathan S. Shapiro wrote:
> On Wed, 2006-04-26 at 19:05 -0500, Jesse D. McDonald wrote:
> > On Wednesday 26 April 2006 18:07, Christopher Nelson wrote:
> > > This is my point. The PCI driver may not KNOW about all the legacy
> > > ports. And why should it need to? Does it need to know about every
> > > legacy port for every ISA device ever made?
> >
> > This appears to be the primary point of contention for at least one
> > version of this thread, but the resolution is simple. In no case would an
> > untrusted device driver loaded by the user be granted free access to
> > either the PCI bus (or any device thereon, given their DMA capabilities)
> > or the system I/O space.
>
> Good. Then we are done, because this is basically the universal set of
> all devices.
It's actually a fairly limited set of devices. It doesn't include, for example, USB or IEEE-1394 devices (even if they happen to be accessed through a PCI controller), or (probably) ATA devices (it depends on the ATA protocol). In other words, it doesn't include any devices which a user might reasonably be expected to connect to a computer without physically taking it apart. If you can take the computer apart, then software security isn't really an obstacle. The only devices under discussion which wouldn't be eligible for an untrusted driver would be the PCI/ISA device you brought up, and CardBus devices. In the latter case, since CardBus devices can be bus controllers by themselves, you've *already* compromised your security the moment such a device is plugged into an active bus.
_______________________________________________
L4-hurd mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/l4-hurd
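The distinction the message draws (a device that can act as a bus master, or that is itself a bridge to a bus, versus a plain target-only function) is something a trusted bus driver can read off the standard PCI configuration-space header: the header-type byte at offset 0x0E says whether a function is an ordinary device, a PCI-to-PCI bridge or a CardBus bridge, and bit 2 of the command register at offset 0x04 is Bus Master Enable. The following is an added example, not code from the thread or from the Hurd/L4 projects; the policy function, the enum names and the sample headers are all hypothetical. The one caveat a practitioner should keep in mind is that Bus Master Enable is a software-controlled bit, so the check below only means anything if the untrusted driver is never given write access to the function's config space (that stays with the trusted bus driver) and the function's BARs are handed out separately.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Standard PCI configuration-space header offsets and bits (PCI 2.x/3.0). */
#define PCI_CFG_HEADER_LEN      64
#define PCI_COMMAND             0x04   /* 16-bit command register */
#define PCI_COMMAND_MASTER      0x0004 /* Bus Master Enable (software-set) */
#define PCI_HEADER_TYPE         0x0E
#define PCI_HEADER_TYPE_MASK    0x7F   /* bit 7 = multi-function, not a type */
#define PCI_HEADER_TYPE_NORMAL  0x00
#define PCI_HEADER_TYPE_BRIDGE  0x01   /* PCI-to-PCI bridge */
#define PCI_HEADER_TYPE_CARDBUS 0x02   /* CardBus bridge */

/* Hypothetical classification used by the policy below. */
enum pci_fn_kind {
    PCI_FN_UNKNOWN = 0,     /* header layout we do not understand */
    PCI_FN_BRIDGE,          /* exposes a whole downstream PCI bus */
    PCI_FN_CARDBUS_BRIDGE,  /* hot-pluggable bus-mastering cards sit behind it */
    PCI_FN_BUS_MASTER,      /* ordinary function with Bus Master Enable set */
    PCI_FN_TARGET_ONLY      /* ordinary function, bus mastering currently off */
};

enum untrusted_policy { UNTRUSTED_DENY = 0, UNTRUSTED_ALLOW = 1 };

static uint16_t cfg_rd16(const uint8_t *cfg, size_t off)
{
    /* PCI config space is little-endian. */
    return (uint16_t)(cfg[off] | ((uint16_t)cfg[off + 1] << 8));
}

/* Classify one PCI function from a snapshot of its 64-byte config header. */
enum pci_fn_kind classify_pci_function(const uint8_t *cfg, size_t len)
{
    if (cfg == NULL || len < PCI_CFG_HEADER_LEN)
        return PCI_FN_UNKNOWN;

    switch (cfg[PCI_HEADER_TYPE] & PCI_HEADER_TYPE_MASK) {
    case PCI_HEADER_TYPE_BRIDGE:
        return PCI_FN_BRIDGE;
    case PCI_HEADER_TYPE_CARDBUS:
        return PCI_FN_CARDBUS_BRIDGE;
    case PCI_HEADER_TYPE_NORMAL:
        return (cfg_rd16(cfg, PCI_COMMAND) & PCI_COMMAND_MASTER)
               ? PCI_FN_BUS_MASTER : PCI_FN_TARGET_ONLY;
    default:
        return PCI_FN_UNKNOWN;
    }
}

/* Hypothetical policy mirroring the thread: an untrusted driver may only be
 * bound to a function that cannot act on the bus by itself. Bridges, CardBus
 * bridges, bus masters and anything unrecognised fail closed. Only valid while
 * the driver cannot write the command register to flip Bus Master Enable. */
enum untrusted_policy untrusted_driver_may_bind(const uint8_t *cfg, size_t len)
{
    return classify_pci_function(cfg, len) == PCI_FN_TARGET_ONLY
           ? UNTRUSTED_ALLOW : UNTRUSTED_DENY;
}

/* Constructed sample headers (not dumps from real hardware): only the fields
 * the checks read are filled in; every other byte is zero. */
static const uint8_t sample_bus_master_nic[PCI_CFG_HEADER_LEN] = {
    [PCI_COMMAND] = 0x07, [PCI_HEADER_TYPE] = 0x00 };   /* IO|MEM|MASTER */
static const uint8_t sample_target_only_fn[PCI_CFG_HEADER_LEN] = {
    [PCI_COMMAND] = 0x03, [PCI_HEADER_TYPE] = 0x80 };   /* multi-function, type 0 */
static const uint8_t sample_pci_bridge[PCI_CFG_HEADER_LEN] = {
    [PCI_COMMAND] = 0x07, [PCI_HEADER_TYPE] = 0x01 };
static const uint8_t sample_cardbus_bridge[PCI_CFG_HEADER_LEN] = {
    [PCI_COMMAND] = 0x07, [PCI_HEADER_TYPE] = 0x02 };

int main(void)
{
    const struct { const char *name; const uint8_t *cfg; } fns[] = {
        { "bus-master NIC",  sample_bus_master_nic },
        { "target-only fn",  sample_target_only_fn },
        { "PCI-PCI bridge",  sample_pci_bridge },
        { "CardBus bridge",  sample_cardbus_bridge },
    };
    for (size_t i = 0; i < sizeof fns / sizeof fns[0]; i++)
        printf("%-16s kind=%d untrusted=%s\n", fns[i].name,
               classify_pci_function(fns[i].cfg, PCI_CFG_HEADER_LEN),
               untrusted_driver_may_bind(fns[i].cfg, PCI_CFG_HEADER_LEN)
                   ? "allow" : "deny");
    return 0;
}
```

The multi-function bit in the sample target-only header is there on purpose: code that compares the raw header-type byte against 0 instead of masking bit 7 would wrongly treat an ordinary multi-function device as an unknown layout.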
