[Info-vax] Why (conceptually) does executive mode code need unrestricted kernel mode access ?
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Fri Oct 4 15:04:11 EDT 2019
On 2019-10-04, ergamenes at gmail.com <ergamenes at gmail.com> wrote:
> On Friday, 4 October 2019 13:16:00 UTC+1, Simon Clubley wrote:
>
>> If it's a privileges problem, the system service could check that the
>> previous mode was executive mode before deciding whether to allow the
>> specific operation in question.
>
> Slightly confused by this part, that's what CMKRNL does. Surely the
> question is why do you not need CMKRNL privileges to use SYS$CMKRNL
> from EXEC mode?
No, I was thinking that maybe RMS was given full access to kernel
mode because it needed to carry out (for example) privileged operations
on behalf of a non-privileged user.
However, there are far better ways to handle that than just give
executive mode code uncontrolled kernel access and then let the
executive mode code do whatever it wants in kernel mode.
This question came about because I started thinking why, conceptually,
the VMS design _requires_ executive mode code to have uncontrolled
access to kernel mode, and so far, I am not coming up with any good
answers. The things I am coming up with, such as privilege handling,
seem to have a more reasonable way of handling the problem at hand.
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
More information about the Info-vax
mailing list