Re: A Question to throw at you guys

[olafBuddenhagen]

Hi,

On Wed, Nov 15, 2006 at 04:09:01AM +0000, Justin Emmanuel wrote:

> The original thought that I had was, wouldn't it be cool if:
> 
> The DDL was compiled to a byte code (This allows for closed source
> drivers).

No thanks, we don't want nonfree drivers. If your framework simplifies
creating those, that's a major disadvantage in our view.

> The byte code would be used by the OS to 'learn' to build the driver
> code itself.

Well, we do understand that your idea is to have a trusted compiler.
(Just like in Singularity.) Only we don't see any advantage in such an
approach...

> Nothing direct from the outside would be placed directly against the
> hardware and the drivers should be fully held to account at every
> step.

Seems it wasn't clear enough in the previous replies, so I'll try again:

There are only two possible situations. Either the hardware device in
question is nice, and it's possible to give the driver access to safe
resources only. If so, traditional process boundaries are perfectly
sufficient to enforce security, totally independant of the language
and/or compiler used.

Or the hardware is inherently dangerous. In this case, no kind of
checking can help.

Trying to enforce some policy on drivers by a special language and
trusted compiler is really pointless, sorry.

-antrik-