--a8Wt8u1KmwUX3Y2C
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Jun 05, 2007 at 01:22:07PM -0400, Greg A. Woods wrote:
> > * Support for layered security for LKMs (LKMs have no access to
> > 	ring 0 on x86?)
> That last idea seems contrary to the very idea of embedded systems in
> general, never mind contrary to fundamental good security goals overall.

I'd be interested to see more discussion about this.  I don't
know the x86 privilege model and don't currently have much interest
in x86-based embedded systems, but it seems reasonable to give LKMs
different levels of trust.

As I mentioned, I see "embedded" running a pretty wide range of
systems and applications.  I tend toward working with/on the smaller,
networked, minimal/serial console kind of systems, but others might
be handheld PCs, game systems, metro-scale routers, DVRs, etc.  There
are some cases where I can see LKMs in use and yet not fully trusted
with full system access.

-allen

--=20
Allen Briggs  |  http://www.ninthwonder.com/~briggs/  |  briggs@ninthwonder=
=2Ecom

--a8Wt8u1KmwUX3Y2C
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (NetBSD)

iQEVAwUBRmWjNGIPSzajGzeGAQILKggA8+NNX95DCM5v3bDWEAdhnGcaN4c/H2wK
PFBUHoMEHa706H1H8FOY7lJhK9hb+wo7/gwfHGg82tafbEy+e8b811dM5sKDA7nH
k4mhSmAZCqB+hL2KOY7c8Y/AdG7tHuyvuLK9VHuapjDESn4njjIMdvkPBNzwzfW7
LQaceBrV8+cL+LqOJ5bv4Oa0+2+pCWS9O2z6EnOLcAmknxpydF+hGwDar+BFja+Y
N5tVUg/54OL3YosKJASgBLR76FJskJ67pZkfy+KWyUW5AGfnWexvPRSvLFtFkoTo
3VUAv+qiZe4pttpaQzBQ0+AJdrktmMqMY9akM+us555sWcuE8ExaTg==
=gQN/
-----END PGP SIGNATURE-----

--a8Wt8u1KmwUX3Y2C--