[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ioperm and iopl in gnumach
|
From: |
olafBuddenhagen |
|
Subject: |
Re: ioperm and iopl in gnumach |
|
Date: |
Wed, 12 Aug 2009 14:42:47 +0200 |
|
User-agent: |
Mutt/1.5.19 (2009-01-05) |
Hi,
On Tue, Aug 11, 2009 at 11:58:42AM +0200, Thomas Schwinge wrote:
> On Sun, Aug 09, 2009 at 06:48:05PM +0200, olafBuddenhagen@gmx.net
> wrote:
> But iopl is a all-or-nothing-like thing (all I/O ports),
I see...
I guess though that fixing that would still be easier than writing a
proper ioperm server.
(Ignoring the fact that AFAIK we are only ever using it as an
all-or-nothing thing anyways...)
> and also is for root only (the device_master port is needed).
Well, yes. However, as it uses a standard interface, a standard server
could be used to manage file permissions -- I think devnode should fit
the bill. Whereas with the special interface, a special server is
necessary...
> > I still wonder why the extra RPCs are considered better.
>
> Because they use the capability system for allowing access to
> arbitrarily restricted ranges of I/O ports; these capabilities can
> then be passed to arbitrary non-root clients.
I think this could be implemented by a proxy on top of an improved iopl
device just as well... *If* we ever see the need for it. Which actually
seems unlikely, as the I/O ports are generally considered legacy, and
thus dying out.
(I contemplate using such a proxy for a userspace driver framework; but
considering the legacy issue, I have serious doubts that it's worth the
effort...)
-antrik-