On Thu, Nov 07, 2002 at 07:22:09PM +0000, Jan Jaeger was heard to remark: > Linas, > Do I understand you correctly, in that you propose a multi layered system > integrity design, whereby shared libs for example have a different > authorisation from normal apps (almost like a multi ring structure)?
Yes, I beleive something like that may be possible. Till someone actually tries to do it, and learns some lessons, I don't know. I'd love to try, but I'd need a new employer :-) > One of the issues I can see with such an implementation in linux, is that > the solutions to achive something like this are going to be very hw platform > dependent. S/390 offers a wealth of features to implement this efficiently > whereas other hw platforms which are more risc based will need to do a lot > of tricks. Yes. I'm not convinced that s/390 even has exactly the best set of features, but clearly (I'm thinking storage keys) it comes close. Other CPU's are SOL, although I thought maybe some of the risc arches are moving in a similar direction. Lord knows what intel is planning. > In order to keep linux linux, one could think of some kind of micro kernel No. This is at best an experiment, whose success/failure suggests new feautres for future CPU's. Maybe if it was a wild success, one might try to have some backwards compat mode ... but I can't see that, not now. > Such a model is by no means new, AIX V2 (RT) ran under a virtual resource I have an RT in storage somewhere. It even booted last time I turned it on. -- pub 1024D/01045933 2001-02-01 Linas Vepstas (Labas!) <[EMAIL PROTECTED]> PGP Key fingerprint = 8305 2521 6000 0B5E 8984 3F54 64A9 9A82 0104 5933
