Difference between revisions of "Talk:Processors"

From eLinux.org
(answer question)
 
("buggy executable", "trusted")
 
(One intermediate revision by one other user not shown)
Line 1: Line 1:
 Is it true that the Linux [[security]] permissions system relies on the MMU? -- DavidCary
−No. --[[User:TimBird|TimBird]]
+It depends on what you mean by "security permissions".  The file system permissions
+are enforced by the file system.  Any process operating through normal system calls
+will be unable to open files for which it does not have appropriate security.
+
+However, security between processes is NOT enforced via memory protection, since
+there is no memory management unit.  Any process can access the memory areas
+of the kernel or any other process.  Thus it is not wise to run untrusted code
+on an MMU-less system. --[[User:TimBird|TimBird]]
+
+So any buggy executable can bypass the normal system calls, delete files, and crash the entire system.
+
+But a buggy shell script or Java app will stay confined to its own compartment by the file system permissions
+(unless the shell or the JVM is a buggy executable).
+
+p.s.: I'm starting to hear a lot of programmers use the term "trusted".
+And what they mean by it is not what I (or, I suspect, you) mean by it.
+
+* "The Fallacy of Trusted Client Software" by [http://www.schneier.com/essay-063.html Bruce Schneier], [http://infosecuritymag.techtarget.com/articles/august00/columns2_cryptorhythms.shtml Information Security Magazine], August 2000
+* [http://www.theregister.co.uk/2005/09/27/untrusted_search/ "Trusted search software labels fraud site as safe"] ...  "Such incorrect classifications create a false sense of security"
+* [http://www.w3.org/2000/12/drm-ws/pp/cloakware.html a user that cannot be ... trusted. ... Bob must be assumed to be hostile, not just naive.]
+* [http://www.eff.org/Infrastructure/trusted_computing/20031001_tc.php "Trusted Computing: Promise and Risk"] by Seth Schoen. "... trusted computing ... remains controversial. Some of the controversy is based on misconceptions ..."
+
+--[[User:DavidCary|DavidCary]] 02:07, 14 June 2007 (EEST)

Latest revision as of 16:07, 13 June 2007

Is it true that the Linux security permissions system relies on the MMU? -- DavidCary

It depends on what you mean by "security permissions". The file system permissions are enforced by the file system. Any process operating through normal system calls will be unable to open files for which it does not have appropriate security.

However, security between processes is NOT enforced via memory protection, since there is no memory management unit. Any process can access the memory areas of the kernel or any other process. Thus it is not wise to run untrusted code on an MMU-less system. --TimBird

So any buggy executable can bypass the normal system calls, delete files, and crash the entire system.

But a buggy shell script or Java app will stay confined to its own compartment by the file system permissions (unless the shell or the JVM is a buggy executable).

p.s.: I'm starting to hear a lot of programmers use the term "trusted". And what they mean by it is not what I (or, I suspect, you) mean by it.

* "The Fallacy of Trusted Client Software" by Bruce Schneier (http://www.schneier.com/essay-063.html), Information Security Magazine (http://infosecuritymag.techtarget.com/articles/august00/columns2_cryptorhythms.shtml), August 2000
* "Trusted search software labels fraud site as safe" (http://www.theregister.co.uk/2005/09/27/untrusted_search/) ... "Such incorrect classifications create a false sense of security"
* "a user that cannot be ... trusted. ... Bob must be assumed to be hostile, not just naive." (http://www.w3.org/2000/12/drm-ws/pp/cloakware.html)
* "Trusted Computing: Promise and Risk" by Seth Schoen (http://www.eff.org/Infrastructure/trusted_computing/20031001_tc.php). "... trusted computing ... remains controversial. Some of the controversy is based on misconceptions ..."

--DavidCary 02:07, 14 June 2007 (EEST)