[Info-vax] [OT] Portable operating systems, was: Re: PowerX Roadmap - Extended beyond 2020
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Mon Sep 19 11:05:52 EDT 2016
On 2016-09-19 11:55:18 +0000, John Reagan said:
> The CPU still has the four modes, but in 64-bit mode the page table
> entries only have K/U (the older modes have the extra modes in the
> PTEs). Somebody from Apple explained the rationale behind the change
> to me last year at the LLVM conference. Apparently there was some way
> to circumvent those mode checks such that S and E (in VMS terms) could
> get access to K memory. Instead of fixing the underlying issue, they
> just removed the extra modes from the PTEs.
It's also possible to get from supervisor mode to full kernel access on
OpenVMS, if you're both nefariously inclined and already somehow
executing in supervisor. That's in software though, and not in the
memory management hardware.
One of the newer approaches to application isolation is Intel SGX —
that is also intended to protect against a compromised operating system
— though the security of SGX might have "some issues" in at least its
early implementations, based on some reports.
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list