Style and form

Posted Oct 24, 2005 17:28 UTC (Mon) by mmarq (guest, #2332)
In reply to: Style and form by njhurst
Parent article: Ballmer: Microsoft to go after Linux strongholds (ZDNet)

"" I think it is a dangerous plan to re-implement everything from scratch on the premise that the new design will be more robust or secure ""

I believe the "Grand Beauty" of putting an exokernel beneath the present Linux kernel is doing it without having to re-invent the wheel. It could even go to a Single Address Space design with the Linux synchronization mechanisms, locks, semaphores, because the address space is mandatorily handled by a dynamic library in an exokernel design... as in XOK/ExOS (could be XOK/Linux)
http://www.disy.cse.unsw.edu.au/papers/disy/Deller_Heiser... (Mungi)
http://pdos.csail.mit.edu/exo/exo-internals/internals.html (XOK/ExOS)

Full *POSIX* support can be achieved in this type of design, as in Meshix and Angel http://citeseer.ist.psu.edu/cache/papers/cs/294/ftp:zSzzS..., and the Unix file systems don't have to go away.

"" Security comes as much from years of harsh real-world testing as it does from special models.""

No. I believe it is simply proven, so simply that it hurts, that the present model is inherently *INSECURE*, no matter what. http://www.skyhunter.com/marcs/capabilityIntro/index.html

"" We can probably achieve all that is suggested here by putting the same amount of work into fixing up the existing kernel interfaces and designing tools for detecting bad code patterns. ""

Not likely. Building good interfaces and detecting bad code patterns also has to be applied, but to a lesser extent and without "crazy hacks", to an exokernel/Linux design with capabilities, or better, to an exokernel/Linux with the actual Unix file access list protection design on top of capabilities, be it a SASOS or not.

That is, an exokernel/Linux design could be fully POSIX, have the Unix file access list protection style available and yet the ensemble behave like a monolithic Single Address Space Kernel... only much, much more secure, to the point that a *virus and cracker proof* LABEL can arguably be applied.

"" Auditing also helps, and everytime we build from scratch we lose all the previous auditing work.""

I believe auditing would also be necessary, and even more so because in an exokernel design you could have, as an example, the Apache server having its own virtual memory and file system directly on top of the exokernel (achieving perhaps more than 1 order of magnitude more performance), and so everything from the OS to every application and service has to be audited to *guarantee* safety. Much previous work, and the disasters that followed, *could* be an example of where and why declaring secure a system that is *inherently INSECURE* is a bad policy.

Sincerely, thanks for the offer, but one of the beauties of posting is learning how to write properly and not getting lazy.

I also believe group thinking could be much more enhanced than today, by people losing the fear of posting more radical ideas.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds