VERY interesting - but security implications to others?!?
Posted Feb 8, 2006 13:14 UTC (Wed) by jzbiciak
In reply to: VERY interesting - but security implications to others?!?
Parent article: Van Jacobson's network channels
I wonder if you can still get most of the benefits of network channels if you limit their accessibility to special user IDs, and then require non-privileged applications to use cooperating threads--one privileged, one not--to send packets.
That way, the TCP/IP implementation can be stored away in a fixed implementation that root checks in on (and the kernel may even checksum at launch time), but the processing still lives in userspace. It looks a little like the priv-sep that sshd uses.
Granted, with two cooperating threads, you get back to some of the context switching issues, but still it feels a little more flexible than keeping it in kernel space.