flat assembler
Message board for the users of flat assembler.
Index
> OS Construction > Vesa Graphics Goto page Previous 1, 2, 3 Next |
Author |
|
DOS386 24 Dec 2007, 23:20
> read any reference to irreal, unreal etc... where is it exactlly? manual# page n° please...
UTFG + DOS FAQ in this forum > Instead, if you are interested in DOS, learn DPMI. YES. > If you want it for you own OS, learn protected mode well enough to be able to call DOS interrupts They won't be available > in v86 mode. But you can call BIOS INT's using "raw" switches to RM. _________________ Bug Nr.: 12345 Title: Hello World program compiles to 100 KB !!! Status: Closed: NOT a Bug |
|||
24 Dec 2007, 23:20 |
|
vid 25 Dec 2007, 09:05
Quote:
It may be simpler to code, but it is bad design for OS. Could be fine for basic prototype OS, not for anything more advanced. |
|||
25 Dec 2007, 09:05 |
|
Octavio 25 Dec 2007, 09:51
vid wrote:
why is a bad design? |
|||
25 Dec 2007, 09:51 |
|
DOS386 25 Dec 2007, 10:03
vid wrote: but it is bad design for OS. Evidence, please _________________ Bug Nr.: 12345 Title: Hello World program compiles to 100 KB !!! Status: Closed: NOT a Bug |
|||
25 Dec 2007, 10:03 |
|
vid 25 Dec 2007, 10:09
Because you put too much trust into interrupt handler code. You shouldn't allow BIOS code to access memory that contains your system structures, you shouldn't allow int 10 handler to mess with HDD or DMA ports, etc...
someone could use this to get over system logging, to elevate local priviliges, etc... |
|||
25 Dec 2007, 10:09 |
|
tom tobias 25 Dec 2007, 10:27
The underlying question is not about BIOS, but about accessing hardware from protected mode. vid addresses the "protection" component of protected mode. I think that one should rather consider the FLAT aspect of "protected mode", and from that perspective, of course, Octavio and NTOSKRNL_VXE make a good point, why not have an operating system which uses the full 32 bit space, without obligation to switch back and forth to real mode to access hardware. Seems reasonable to me.
|
|||
25 Dec 2007, 10:27 |
|
Octavio 25 Dec 2007, 15:30
vid wrote:
bios,chips and drivers can take control of the computer even if the OS is always in protected mode.Using real mode do not makes it more insecure. |
|||
25 Dec 2007, 15:30 |
|
revolution 25 Dec 2007, 16:08
Yes, there is SMM of course. But I hardly think that is likely as a security risk.
|
|||
25 Dec 2007, 16:08 |
|
vid 25 Dec 2007, 16:13
Quote: bios,chips and drivers can take control of the computer even if the OS is always in protected mode.Using real mode do not makes it more insecure. I wasn't talking about BIOS code. I was concerned about someone giving his own code in place of BIOS code (overwrite int vector prior to booting) Yeah, you might test if address of vector is in BIOS memory region, but: - what to do if it isn't? Fail to load OS? - still this can be tricked (just overwrite code pointer in BIOS data area instead of overwriting vector, etc...) By doing this, you are opening security gap, that shouldn't be present in any real OS |
|||
25 Dec 2007, 16:13 |
|
Dex4u 25 Dec 2007, 17:56
vid wrote: It may be simpler to code, but it is bad design for OS. Could be fine for basic prototype OS, not for anything more advanced. Plues this method is no more a security threat, than Boot your OS or hobby OS's in then selfs. See here for more info: http://www.securityfocus.com/columnists/442 Using this method you can get round any security, including GAMES. Last edited by Dex4u on 25 Dec 2007, 18:06; edited 1 time in total |
|||
25 Dec 2007, 17:56 |
|
vid 25 Dec 2007, 18:05
Dex: I agree that once you stop trusting machine, you are screwed (eg. you are always screwed unless we have Trusted Computing).
But "owning OS from boot" is IMHO hurder harder than hooking interrupt and overwriting few stuff. One security threat that we can't solve doesn't excuse ignoring another security threat which we can fix. |
|||
25 Dec 2007, 18:05 |
|
Dex4u 25 Dec 2007, 18:31
@vid, i suppose it come down to priority's, You can for example put bar's on your windows and doors, but this would just as likely get in the way of the house owner as well.
I see a unprotected OS (as in runs in ring0, no paging, direct access to hardware ) as like a Scalpel, yes you can cut your fingars off, but also you can save life's. I see over secure OS's as like plastic knifes, safe, but you can do little with them that YOU want to do. |
|||
25 Dec 2007, 18:31 |
|
edfed 25 Dec 2007, 18:52
good reply...
and i add the VIRUS and MALICIOUS software presence... if somebody makes a virii and broacast it , he's bad... but if the OS doesn't care about the virii? simply ignore it and kill it??? strangelly hard ... there, the rings have a goal... so use of rings can be for application.... |
|||
25 Dec 2007, 18:52 |
|
vid 25 Dec 2007, 21:14
Dex: well, if you want DOS-like OS without protection, then switching to RM is of course fine. Also as intermediate testing it might be fine. But for anything real that people should use, no. Every known security hole should be fixed.
Quote: I see over secure OS's as like plastic knifes, safe, but you can do little with them that YOU want to do. example? |
|||
25 Dec 2007, 21:14 |
|
DOS386 25 Dec 2007, 23:55
Quote: well, if you want DOS-like OS without protection, then switching to RM is of course fine. Quote: One security threat that we can't solve doesn't excuse ignoring another security threat which we can fix. Quote: But for anything real that people should use, no. Every known security hole should be fixed. This "argument" is absolutely unreproductable - what you you expect your OS to "protect" you from ? From someone coming in with a "Scalpel" also ? _________________ Bug Nr.: 12345 Title: Hello World program compiles to 100 KB !!! Status: Closed: NOT a Bug |
|||
25 Dec 2007, 23:55 |
|
bitRAKE 26 Dec 2007, 00:25
Who'd put wheels on a safe and drive it around - only to find that crashing slams the occupants against the inner wall and killing them anyway? Security on a PC is the same lunacy.
(damn, broken BBCode) Edit by Loco: Replaced parentheses with %28/%29 on the URL |
|||
26 Dec 2007, 00:25 |
|
vid 26 Dec 2007, 00:36
Quote: what you you expect your OS to "protect" you from ? i expect OS to protect me as good as possible from someone who - can affect boot process (eg. boot something prior to booting OS) - does have user-level access to system - doesn't have admin-level access to system - wants to elevate to admin-level privileges. I realize you will never be secure after he can affect boot process, as Dex pointed out, but this security hole makes it even easier for him. |
|||
26 Dec 2007, 00:36 |
|
Dex4u 26 Dec 2007, 03:01
[quote="vid"]
Quote: I see over secure OS's as like plastic knifes, safe, but you can do little with them that YOU want to do. Quote:
YOU want to do that, but THEY do not want you to do that, so they give you safe API, that lets you make a OK media player, but it will never be as good as windows. Now if you had full control and where the best programmer, you could easy make a better one. Now are they protecting you or them selfs ?. As a side note, all game consoles run more or let in a none protective environment and i do not see lots of virus for them, this includes running lots of homebrew. |
|||
26 Dec 2007, 03:01 |
|
vid 26 Dec 2007, 10:22
ok, if safe OS is badly designed, then it is harder to overcome bad design than in unsafe OS.
But still, i'd prefer safe OS that fixes all known problems. |
|||
26 Dec 2007, 10:22 |
|
Goto page Previous 1, 2, 3 Next < Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.