Subject: Re: Looking ahead
To: NetBSD Embedded Systems Technical Discussion List <tech-embed@NetBSD.org>
From: Allen Briggs <email@example.com>
Date: 06/05/2007 13:53:56
Content-Type: text/plain; charset=us-ascii

On Tue, Jun 05, 2007 at 01:22:07PM -0400, Greg A. Woods wrote:
> > * Support for layered security for LKMs (LKMs have no access to
> > ring 0 on x86?)
> That last idea seems contrary to the very idea of embedded systems in
> general, never mind contrary to fundamental good security goals overall.

I'd be interested to see more discussion about this. I don't
know the x86 privilege model and don't currently have much interest
in x86-based embedded systems, but it seems reasonable to give LKMs
different levels of trust.

As I mentioned, I see "embedded" running a pretty wide range of
systems and applications. I tend toward working with/on the smaller,
networked, minimal/serial console kind of systems, but others might
be handheld PCs, game systems, metro-scale routers, DVRs, etc. There
are some cases where I can see LKMs in use and yet not fully trusted
with full system access.

Allen Briggs | http://www.ninthwonder.com/~briggs/ | briggs@ninthwonder=