Jan Kiszka wrote:
> Am 11.10.2010 18:23, Gilles Chanteperdrix wrote:
>> Jan Kiszka wrote:
>>> enabling the Xenomai watchdog should provide a reasonably safe&secure
>>> environment.
>> AFAIK, the BIG FAT warning at the bottom of this page still applies. You
>> can make an environment with no hardware lockups, but secure, I do not
>> think so. We do not know how Xenomai APIs could be exploited for a
>> non-root user to become root.
>
> For sure, no one audited the interface for security so far. There is no
> hole in design that comes to my mind ATM, but I would be surprised as
> well if you couldn't develop any exploit for some bug or missing check.
> Still, there is a huge difference between giving anyone root access and
> confining Xenomai access this way.
I was just reacting to "reasonably secure". The experience proves that
if you do not do any particular effort for security, then your code is
not secure. Not even reasonably.
--
Gilles.
_______________________________________________
Xenomai-help mailing list
[email protected]
https://mail.gna.org/listinfo/xenomai-help
