March 06, 2004
On Fri, 5 Mar 2004 18:52:17 -0800, Walter <> wrote:
> 1) The x86 CPUs have 4 privilege levels. These are unused by Windows, and I think Linux too, which runs everything at the max privilege level (or they only use 2 of the 4 levels, I forgot the details).

They use two levels (which is all that paging provides on x86), 0 and

> This is why security is so difficult on Windows/Linux, as everything is essentially root. Using the 4 levels enables you to create a *hardware* sandbox for running, for example, internet apps.

You can do that with two levels as well.  The problem on Linux is not that everything's root (as that's not the case), but that the security model it inherited from Unix is rather primitive, causing a lot of things to have more privilege than they need.

I'm not familiar enough with Windows to comment on its security model
(for those versions that have one (i.e. NT and derivatives)).

> 2) Expose the full functionality of the virtual paging hardware to application programming. This will enable better/faster garbage collectors to be written. For example, the gc could read the 'dirty' bit on a page to see if it needs to be scanned.

That'd be nice.  The ability to request arbitrary copy-on-write
regions (as opposed to only being able to use it with fork() and
inter-process mmap()) would be great as well, both for doing GC in
the background and for non-GC-related things.

> In fact, gc should be part of the os core
> functionality, so that all gc'd languages can have access to it.

Though there should be a way of hooking language-specific GC code into that, which can know more about how the data is laid out.
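An added example, not from this thread or from either poster, of the user-space workaround a GC uses today because the OS does not expose the page dirty bit Walter asks for: a write barrier built from mprotect() and a SIGSEGV handler that records which pages the mutator wrote, so the collector rescans only those. It assumes Linux; the 16-page region, the page indices touched and the function names are the example's own.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define NPAGES 16                              /* tracked heap: 16 pages */
static volatile unsigned char *heap;           /* start of tracked region */
static size_t pagesz;
static volatile unsigned char dirty[NPAGES];   /* one "dirty" flag per page */

/* First write to a protected page traps here: record the page, re-enable
 * writes on that page only, and return so the faulting store is retried. */
static void on_fault(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)ctx;
    uintptr_t a = (uintptr_t)si->si_addr, base = (uintptr_t)heap;
    if (a < base || a >= base + NPAGES * pagesz) {
        signal(SIGSEGV, SIG_DFL);   /* not our region: crash normally on retry */
        return;
    }
    size_t idx = (a - base) / pagesz;
    dirty[idx] = 1;
    mprotect((void *)(heap + idx * pagesz), pagesz, PROT_READ | PROT_WRITE);
}

/* Map the heap, install the handler, mark every page clean and read-only. */
int barrier_init(void) {
    pagesz = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, NPAGES * pagesz, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    heap = p;
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return -1;
    memset((void *)dirty, 0, sizeof dirty);
    return mprotect(p, NPAGES * pagesz, PROT_READ);
}

/* Mutator (constructed) writes to pages 2, 2 and 9; returns how many pages
 * the collector would have to rescan: 2, the second write traps no more. */
int barrier_demo(void) {
    if (barrier_init() != 0) return -1;
    heap[2 * pagesz + 100] = 1;
    heap[2 * pagesz + 200] = 2;     /* same page, already unprotected */
    heap[9 * pagesz] = 3;
    int n = 0; for (int i = 0; i < NPAGES; i++) n += dirty[i];
    return n;
}
```

Each fault costs a kernel round trip, which is exactly the overhead a hardware dirty-bit interface would remove.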
