Ok, so I have been reading "Windows Internals" and in there it says that windows only uses ring 0 "Kernel mode" & ring 3 "User mode". It also says the reason for this is that some processors that were supported in the past only supported two rings for example Alpha.
Now it goes on to say that calls from lower(by that I mean higher than 0) rings are checked and if they pass the check they switch to ring 0 complete their task drop to ring 3 then return to the user process.
Now It also says that drivers run at ring 0 and that driver signing is an attempt to prevent users from installing poorly written or malicious drivers that could damage their system once running in ring 0 because they would have full access to kernel/OS resources.
Now for the question could ReactOS make drivers run in ring 1 instead of ring 0 it seems like if this was possible calls to the kernel/hal could be validated before the call was switched to ring 0 to run. I'm sure setting up the gates would take time but if the drivers have limited access then it seems like they would be less of a security threat.
I know peer reviewed code like the drivers included with ReactOS shouldn't be a threat because they are just that peer reviewed. However 3rd party drivers may not be quite so trust worthy. Correct me if I'm wrong but wouldn't this also improve system stability?
Anyway if I'm correct super if not please include details as to where I went astray as this will help my learning process and help me to be a better member of the ReactOS community.
Ring Security?
Moderator: Moderator Team
Ring Security?
Talk is cheap. Show me the code. - Linus Torvalds
arg
To Z98
I was afraid it would be allot of work. But it seems like a good idea on paper so I thought I would at least throw it out there.
So how does that work with user mode stuff I'm pretty sure when you make filesystem call the user code isn't aware it needs to ultimately use kernel mode to finish the job.
To Ged
Ah strait and to the point. Yes I know that windows doesn't use ring 1 or 2 but from what I read that was more of a legacy compatibility issue. I guess the argument could be made that using only two rings would allow ReactOS to be ported to more Architectures but I thought some security on drivers would be an over all good thing.
To All
I guess maybe at best talking about modifying the windows design should be tabled until we have the design working. But at least I know I hit on a valid point. Thank you for your feedback.
I was afraid it would be allot of work. But it seems like a good idea on paper so I thought I would at least throw it out there.
So how does that work with user mode stuff I'm pretty sure when you make filesystem call the user code isn't aware it needs to ultimately use kernel mode to finish the job.
To Ged
Ah strait and to the point. Yes I know that windows doesn't use ring 1 or 2 but from what I read that was more of a legacy compatibility issue. I guess the argument could be made that using only two rings would allow ReactOS to be ported to more Architectures but I thought some security on drivers would be an over all good thing.
To All
I guess maybe at best talking about modifying the windows design should be tabled until we have the design working. But at least I know I hit on a valid point. Thank you for your feedback.
Talk is cheap. Show me the code. - Linus Torvalds
Re: arg
It's a design issue. The whole of NT is designed around the concept of umode and kmode i.e. 3 and 0. There is no scope or requirement to change this design. Doing so would require a complete new OS design with no benefit.disks86 wrote:Yes I know that windows doesn't use ring 1 or 2 but from what I read that was more of a legacy compatibility issue.
Ring security most OS's only use 2.
Due to speed issues. Xen is differnet ring 0 is Xen. Ring 1 is OS kernel ring 3 for applications. So having free space is useful.
http://en.wikipedia.org/wiki/Ring_(computer_security) Please note the high cost of changing rings. Its normally just too expensive without motivation.
Due to speed issues. Xen is differnet ring 0 is Xen. Ring 1 is OS kernel ring 3 for applications. So having free space is useful.
http://en.wikipedia.org/wiki/Ring_(computer_security) Please note the high cost of changing rings. Its normally just too expensive without motivation.
IIRC fastcall is a calling convention that just sends some of the parameters in the registers, which is completly different from ring changes. To change to kernel mode you must go through a 2E(?) interupt and several other steps. I could be wrong, i haven't read up on this in a while.etko wrote:oiaohm: What about fastcall instruction? That should makes ring change less costly.
fastcall makes no alteration. Is around 100 cycles to go both ways. 70 about to get into kernel mode and about 40 to get back. Now the more you have to do that bounce between rings more cost.
Linux has a few things insane option to run applications in kernel mode http://www.yl.is.s.u-tokyo.ac.jp/~tosh/kml/ And complete go without ring secuirty. Yes it saves a lot of clock ticks but its not without price.
Stacking for things that need to be done and in kernel space and sending them across in a block.
Its been a big problem with ring security from the start the high processor time price.
Linux has a few things insane option to run applications in kernel mode http://www.yl.is.s.u-tokyo.ac.jp/~tosh/kml/ And complete go without ring secuirty. Yes it saves a lot of clock ticks but its not without price.
Stacking for things that need to be done and in kernel space and sending them across in a block.
Its been a big problem with ring security from the start the high processor time price.
Who is online
Users browsing this forum: No registered users and 22 guests