echo: rberrypi
to: MARTIN GREGORIE
from: TAUNO VOIPIO
date: 2020-08-28 16:37:00
subject: Re: Spectre / Meltdown

On 28.8.20 15.38, Martin Gregorie wrote:
> On Fri, 28 Aug 2020 07:54:30 -0400, Mayayana wrote:
>
>> "gareth evans"  wrote
>>
>> | Is it true that the RPi4 is susceptible to these
>> | security attacks but that no previous versions are?
>>
>>    Simple rule: If you allow javascript or other executable
>> code online, you're a sitting duck. If you also store private data on
>> your computer, use credit cards online, bank online, etc, you're a
>> sitting duck with something to lose.
>>
>>    That might seem extreme or paranoid, but it's just the
>> facts. People want to believe computers can be made safe. Executable
>> code cannot be made safe. And these days we're going in the opposite
>> direction, toward the cloud model of computing based on corporate
>> systems, where the network is considered safe while your family or
>> housemates or co-workers are considered to be risks.
>>
>>    When you combine the corporate security model with
>> SOHo usage you get crazy risk.
>
> I'm really disappointed that there hasn't been more work done on both
> hardware and OS design to make cross-process interference impossible and
> to properly implement hardware protection rings to stop application-level
> code clobbering the OS and the OS from clobbering the low-level drivers.
>
> This stuff isn't new: systems have been built that way since the early to
> mid 70s. Two examples I know of are the ICL 2900 series and the IBM
> Future Series.
>
> The ICL 2900 architecture supported all the features I mentioned above.
>
> The IBM implementation didn't have hardware rings of protection but did
> run each process in its own address space. It was initially killed before
> being revived as the System/38, which morphed into the AS/400 before
> being renamed as the iSeries.
>
> The IBM approach still exists as Power series chips, but the 2900
> architecture is now almost irretrievably lost. Pity, because both systems
> were almost bulletproof in terms of limiting the damage a piece of bad
> code could do.
>
> Linux on X86 chips should be able to provide some protection via the
> three protection rings they (used to?) provide, but does Linux use them
> to prevent one process clobbering another? I'd hope so, but have never
> seen any information about that.


At least the 32 bit Linux kernel starts by effectively by-passing the
segmentation and ring protection mechanism and using only the paging.

The 80286 has a proper ring-protection mechanism, but it was bastardized
in the PC/AT, and the 80386 already gave up with the virtual-86 mode.

--

-TV

--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | FidoUsenet Gateway (3:770/3)

SOURCE: echomail via QWK@docsplace.org
