Hi!
> >>The best environment to deploy such functionality is
> >>in updating by remote,
> >>executable code (programs, libs and modules) on
> >>embedded devices running
> >>Linux, that have some form of kernel physical
> >>security, so one can't
> >
> >How would that physical security look like? Would it
> >include DMA
> >protection?
> >
> >For example to do any useful form of graphics you need
> >user controllable DMA, which can normally touch
> >everything.
> >There are various other similar "backdoors" for root.
> >
> >I'm somewhat sceptical because all kernels will need
> >access
> >to the direct mapping to operate and there are also
> >various
> >interfaces that can be as root (ab)used to change it.
> >
> >And when you can do that they can change function
> >pointers
> >and jump to arbitary code or change the kernel page
> >tables
> >and map arbitary code.
> >
> >Disallowing all this would probably end up with a quite
> >useless kernel.
> >
> >
> >>There are already some systems that implement and
> >>utilize such functionality that
> >>use windows platforms, and other Linux distros that
> >>use userland
> >
> >Yes, at least the Vista variant was just broken. And
> >its designers spent
> >a lot of effort on it, but it didn't help.
> >
> Please read the thread i gave you for some details for
> things you ask
>
> Have in thought that we mostly talk here about embedded
> devices
> that run Linux in a very restricted environment where
> only specific
> applications are allowed to exist and run, there are no
> user logons
> and these applications need to be updated by remote once
> in a while
> over public networks. These applications need not be
> tampered with
What kind of applications are we talking about here? I'd like to hack
hardware I own.
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures)
http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
