[movitz-devel] OS decisions
Brian Makin
merimus at gmail.com
Sun Jun 14 02:40:39 UTC 2009
Well, we could certainly put some functions in a protected memory space.
It would require some system support so that you couldn't simply
override the func.
Perhaps a better way would be like this.
A particular context (looks like the Lisp term would be environment)
could have permissions.
The read/write/execute model would probably work.
You could execute a function, read the source, or write (change) the
function.
Thinking more on this... it is an interesting question.
Let's use a function
movitz:network:tx_packet
I would imagine that an unprivileged user would not be able to
redefine that function within that context, i.e. change the system's
tx_packet function. When the symbol is looked up, its permission is
gotten from the environment in which it is defined.
Does the concept of having permissions on an environment even make
sense?
On Jun 13, 2009, at 10:12 PM, Shawn Betts wrote:
> On Sat, Jun 13, 2009 at 6:58 PM, Brian Makin<merimus at gmail.com> wrote:
>>
>> Well, if you don't have some protection between a user and the base system
>> then any user would be able to do nasty things to other people on the system.
>>
>> Grab their passwords, kill their processes, intercept their network traffic
>> etc...
>>
>> Genera for example was single user only. On top of that it didn't even try
>> to protect the user from themselves. If you overwrote the scheduler with
>> minesweeper... so be it.
>
> But how do you define kernel and user space? If I get "access" to the
> scheduler and make a tweak so it calls a special function I just
> wrote, how would that function be tagged as being crucial to the
> system? Would you be able to have a process-wait-function if you
> separated "kernel" and "user" spaces?
>
>> You could make a multiuser system without that sort of protection but then a
>> hostile (or careless) user could cause havoc.
>
> I don't think anyone is questioning that. I'm trying to imagine how it
> would work. How would you separate all the objects floating around in
> memory?
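
The read/write/execute idea from the message above, sketched as an added example in Common Lisp; it is not part of the e-mail and not Movitz code. It shows permission being taken from the environment that defines a function rather than from the caller's environment. The `env` structure, the ACL layout, the string function names and the principals `:root` and `:alice` are all assumptions made for illustration.

```lisp
;; Constructed model, not Movitz code: ENV, the ACL layout and the principals are assumptions.
(define-condition permission-denied (error)
  ((principal :initarg :principal :reader denied-principal)
   (operation :initarg :operation :reader denied-operation)
   (name :initarg :name :reader denied-name))
  (:report (lambda (c s)
             (format s "~A may not ~A ~A" (denied-principal c)
                     (denied-operation c) (denied-name c)))))

(defstruct env
  name
  parent                                       ; enclosing environment, or NIL
  (acl '())                                    ; alist: principal -> granted operations
  (functions (make-hash-table :test #'equal))) ; name -> (compiled function . source)

(defun defining-env (env name)
  "Walk outward from ENV to the environment in which NAME is defined."
  (loop for e = env then (env-parent e)
        while e
        when (nth-value 1 (gethash name (env-functions e))) return e))

(defun check-permission (env principal operation name)
  "Signal PERMISSION-DENIED unless ENV's ACL grants OPERATION to PRINCIPAL."
  (unless (member operation (cdr (assoc principal (env-acl env))))
    (error 'permission-denied :principal principal :operation operation :name name)))

(defun env-define (env principal name source)
  "Write: (re)define NAME in ENV itself, which needs :write on ENV."
  (check-permission env principal :write name)
  (setf (gethash name (env-functions env)) (cons (compile nil source) source)))

(defun lookup (env principal operation name)
  "Find NAME, then check OPERATION against the ACL of the environment defining it."
  (let ((home (or (defining-env env name) (error "Undefined function ~A" name))))
    (check-permission home principal operation name)
    (gethash name (env-functions home))))

(defun env-call (env principal name &rest args)   ; execute
  (apply (car (lookup env principal :execute name)) args))
(defun env-source (env principal name)            ; read
  (cdr (lookup env principal :read name)))

;; Demo: :alice may read and execute the system function but not redefine it.
(defparameter *system* (make-env :name "movitz:network"
                                 :acl '((:root :read :write :execute) (:alice :read :execute))))
(defparameter *alice* (make-env :name "alice" :parent *system*
                                :acl '((:alice :read :write :execute))))
(env-define *system* :root "tx_packet" '(lambda (p) (list :sent p)))
(print (env-call *alice* :alice "tx_packet" "hello"))
(handler-case (env-define *system* :alice "tx_packet" '(lambda (p) (list :stolen p)))
  (permission-denied (c) (format t "~&denied: ~A~%" c)))
```

In this model `:alice` can still define her own `tx_packet` in `*alice*`, but that only shadows the name for lookups that start in her environment; lookups starting from `*system*` keep resolving to the system definition.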