Hi,

On Wed, Nov 15, 2006 at 04:09:01AM +0000, Justin Emmanuel wrote:

> The original thought that I had was, wouldn't it be cool if:
>
> The DDL was compiled to a byte code (This allows for closed source
> drivers).

No thanks, we don't want nonfree drivers. If your framework simplifies creating those, that's a major disadvantage in our view.

> The byte code would be used by the OS to 'learn' to build the driver
> code itself.

Well, we do understand that your idea is to have a trusted compiler. (Just like in Singularity.) Only we don't see any advantage in such an approach...

> Nothing direct from the outside would be placed directly against the
> hardware and the drivers should be fully held to account at every
> step.

Seems it wasn't clear enough in the previous replies, so I'll try again: There are only two possible situations.

Either the hardware device in question is nice, and it's possible to give the driver access to safe resources only. If so, traditional process boundaries are perfectly sufficient to enforce security, totally independent of the language and/or compiler used.

Or the hardware is inherently dangerous. In this case, no kind of checking can help.

Trying to enforce some policy on drivers by a special language and trusted compiler is really pointless, sorry.

-antrik-
