Re: noob question: driver separation?
On Mon, 19 Feb 2018 21:19:27 +0100, Hess THR wrote:

> I mean.. did it ever happen in the history that a microphone driver sent
> its data via the network?

Quite unlikely with open source drivers. And even load-modules can be checked to see which kernel functions they call. The recently introduced random ordering of kernel objects (KARL) makes it very difficult to call a function without explicitly linking to it.

> if these attacks aren't very likely, then I was just loudly thinking..
>
> wouldn't it be great to hold some idea day for: "how to increase security?"

If you are really concerned about security, then there are other ways of achieving physical separation. Like using separate devices.

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: noob question: driver separation?
On Mon, Feb 19, 2018 at 09:19:27PM +0100, Hess THR wrote:
> I mean.. did it ever happen in the history that a microphone driver sent
> its data via the network?
>
> if these attacks aren't very likely, then I was just loudly thinking..
>
> wouldn't it be great to hold some idea day for: "how to increase security?"
>
> there would be ex.: 500 idiot ideas, but maybe 1 great, who knows.

This is not a new idea and has been applied in microkernel systems. These systems are very different from our kernel architecture, though.

-Otto
Re: noob question: driver separation?
I mean.. did it ever happen in the history that a microphone driver sent its data via the network?

if these attacks aren't very likely, then I was just loudly thinking..

wouldn't it be great to hold some idea day for: "how to increase security?"

there would be ex.: 500 idiot ideas, but maybe 1 great, who knows.

> Sent: Monday, February 19, 2018 at 8:58 PM
> From: "Hess THR"
> To: misc@OpenBSD.org
> Subject: Re: noob question: driver separation?
>
> Hello,
>
> nono, just in theory.. or it doesn't worth it?
>
> > Sent: Monday, February 19, 2018 at 11:05 AM
> > From: "Boudewijn Dijkstra"
> > To: misc@openbsd.org
> > Subject: Re: noob question: driver separation?
> >
> > On Fri, 16 Feb 2018 21:51:12 +0100, Hess THR wrote:
> > > Hello,
> > >
> > > are there any (at least on plan or theoretical level) that drivers will
> > > be/are/would be separated? ex.:
> > >
> > > - touchpad drivers shouldn't have to do anything with network access
> > > - wireless drivers shouldn't be able to touch anything from ex.: /home
> > > - graphics/wireless/sound/disk/etc. drivers shouldn't be able to get
> > >   anything from keyboards
> > > - and so on.
> > >
> > > or is this only a dream or bad concept that separation needed "inside
> > > kernel level"?
> >
> > Why do you think it is needed? Did you see any dubious or sketchy OpenBSD
> > driver code?
> >
> > --
> > Made with Opera's e-mail program: http://www.opera.com/mail/
Re: noob question: driver separation?
Hello,

nono, just in theory.. or it doesn't worth it?

> Sent: Monday, February 19, 2018 at 11:05 AM
> From: "Boudewijn Dijkstra"
> To: misc@openbsd.org
> Subject: Re: noob question: driver separation?
>
> On Fri, 16 Feb 2018 21:51:12 +0100, Hess THR wrote:
> > Hello,
> >
> > are there any (at least on plan or theoretical level) that drivers will
> > be/are/would be separated? ex.:
> >
> > - touchpad drivers shouldn't have to do anything with network access
> > - wireless drivers shouldn't be able to touch anything from ex.: /home
> > - graphics/wireless/sound/disk/etc. drivers shouldn't be able to get
> >   anything from keyboards
> > - and so on.
> >
> > or is this only a dream or bad concept that separation needed "inside
> > kernel level"?
>
> Why do you think it is needed? Did you see any dubious or sketchy OpenBSD
> driver code?
>
> --
> Made with Opera's e-mail program: http://www.opera.com/mail/
Re: noob question: driver separation?
On Fri, 16 Feb 2018 21:51:12 +0100, Hess THR wrote:

> Hello,
>
> are there any (at least on plan or theoretical level) that drivers will
> be/are/would be separated? ex.:
>
> - touchpad drivers shouldn't have to do anything with network access
> - wireless drivers shouldn't be able to touch anything from ex.: /home
> - graphics/wireless/sound/disk/etc. drivers shouldn't be able to get
>   anything from keyboards
> - and so on.
>
> or is this only a dream or bad concept that separation needed "inside
> kernel level"?

Why do you think it is needed? Did you see any dubious or sketchy OpenBSD driver code?

--
Made with Opera's e-mail program: http://www.opera.com/mail/
noob question: driver separation?
Hello,

are there any (at least on plan or theoretical level) that drivers will be/are/would be separated? ex.:

- touchpad drivers shouldn't have to do anything with network access
- wireless drivers shouldn't be able to touch anything from ex.: /home
- graphics/wireless/sound/disk/etc. drivers shouldn't be able to get anything from keyboards
- and so on.

or is this only a dream or bad concept that separation needed "inside kernel level"?

Thanks and have a great weekend! :)