Microkernels (WAS RE: New to the list.)

Ray Arachelian ray at arachelian.com
Sat Aug 5 20:54:07 CDT 2006


Sean Conner wrote:
>   I also worked at a software company porting Unix utilities to QNX and I
> really like QNX and what can be done with it.  I could use the modem on my
> boss' computer to dial out without using *any* special software, just
> specify the device on his computer (not only was the file system network
> transparent, but you could use devices across the network).  You could even
> run a program on one computer, pipe the output to another program on another
> computer and send the output to a third computer, all from the command line,
> and all possible because QNX was built on a microkernel and had all this
> functionality built in.
>   
MicroKernels are very nice, and as of recently they have one huge
advantage (not speed for sure).  The bad guys are now going after flaws
in device drivers.  Guess what, device drivers run with full privileges
in most OS's these days and no protection whatsoever.  So if you have
some very common driver that is known to have an exploit - say a common
network driver, you'll be owned that way.  With a microkernel, you can
isolate the driver against this.  Imagine a specially crafted Ethernet
or WiFi frame that triggers a buffer overflow.  :-)

see: http://www.theregister.co.uk/2006/08/04/hackers_bypass_os/ and
http://www.theregister.co.uk/2006/08/03/wifi_driver_hack/



