Re: ioperm and iopl in gnumach
From: Thomas Schwinge
Subject: Re: ioperm and iopl in gnumach
Date: Tue, 11 Aug 2009 11:58:42 +0200
User-agent: Mutt/1.5.11
Hello!
On Sun, Aug 09, 2009 at 06:48:05PM +0200, olafBuddenhagen@gmx.net wrote:
> On Mon, Aug 03, 2009 at 07:12:22PM +0200, Thomas Schwinge wrote:
> > There are two ways to use it: either the GNU Mach RPCs
> > i386_io_perm_create and i386_io_perm_modify (see
> > [gnumach]/i386/include/mach/i386/mach_i386.defs) can directly be used,
> > or the more standard (at least on x86) glibc ioperm function (see
> > [glibc]/sysdeps/mach/hurd/i386/ioperm.c), which makes use of the
> > former two RPCs.
> >
> > Note that you currently have to be the root user to make use of all
> > this. This is what the envisioned (not yet existing, but which we've
> > once been chatting about) ioperm server, sitting on /servers/ioperm,
> > is meant to change.
>
> The ironic thing is that with the iopl device, it was already possible
> without any special server...
But iopl is an all-or-nothing-like thing (all I/O ports), and also is for
root only (the device_master port is needed).
> I still wonder why the extra RPCs are considered better.
Because they use the capability system for allowing access to arbitrarily
restricted ranges of I/O ports; these capabilities can then be passed to
arbitrary non-root clients. What the ioperm server will do is allow
non-root clients to request access to I/O ports, and then hand out these
rights according to some policy.
Regards,
Thomas
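An added example, not part of the original message and not GNU Mach, glibc or Hurd code: a sketch of the kind of policy check the envisioned ioperm server could apply before handing out a restricted port range to a non-root client. The function `policy_allows`, the `port_grant` table and the uids in it are hypothetical, and the sample policy is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IO_PORT_LIMIT 0x10000u  /* x86 I/O port space: ports 0x0000..0xFFFF */

/* One policy entry: uid may be granted ports [first, first + count). */
struct port_grant { unsigned uid; uint32_t first; uint32_t count; };

/* Constructed sample policy (hypothetical uids, not from any real system). */
static const struct port_grant policy[] = {
    { 1000, 0x378, 3 },   /* parallel port registers */
    { 1001, 0x3f8, 8 },   /* first serial port registers */
};

/* True only if [from, from + num) is non-empty, stays inside the port space
   and lies entirely within one range granted to uid. */
bool policy_allows(unsigned uid, uint32_t from, uint32_t num)
{
    if (num == 0 || from >= IO_PORT_LIMIT || num > IO_PORT_LIMIT - from)
        return false;               /* rejects empty and overflowing ranges */
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++) {
        const struct port_grant *g = &policy[i];
        if (g->uid == uid && from >= g->first &&
            from + num <= g->first + g->count)
            return true;            /* request is a subset of a granted range */
    }
    return false;                   /* default deny */
}

int main(void)
{
    printf("uid 1000, 0x378+3:   %d\n", policy_allows(1000, 0x378, 3));
    printf("uid 1000, 0x378+4:   %d\n", policy_allows(1000, 0x378, 4));
    printf("uid 1000, all ports: %d\n", policy_allows(1000, 0, IO_PORT_LIMIT));
    return 0;
}
```

The last call in `main` is the iopl-style request for every port, which a range-based policy like this one refuses unless an entry explicitly covers the whole port space.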