From owner-freebsd-security Tue Nov 13 2:29:42 2001 Delivered-To: freebsd-security@freebsd.org Received: from internethelp.ru (wh.internethelp.ru [212.113.112.145]) by hub.freebsd.org (Postfix) with ESMTP id BFFC137B405 for ; Tue, 13 Nov 2001 02:29:35 -0800 (PST) Received: from IBMKA (ibmka.internethelp.ru. [192.168.0.6]) by internethelp.ru (8.9.3/8.9.3) with ESMTP id NAA24081; Tue, 13 Nov 2001 13:29:25 +0300 (MSK) Date: Tue, 13 Nov 2001 13:28:39 +0300 From: "Nickolay A.Kritsky" X-Mailer: The Bat! (v1.49) Personal Reply-To: "Nickolay A.Kritsky" X-Priority: 3 (Normal) Message-ID: <2758909837.20011113132839@internethelp.ru> To: Matthew Dillon Cc: freebsd-security@freebsd.org Subject: Re[2]: FreeBSD and i386 VM hardware In-reply-To: <200111121952.fACJqLZ06073@apollo.backplane.com> References: <01b301c16918$be1763a0$0a00000a@atkielski.com> <200111121952.fACJqLZ06073@apollo.backplane.com> Mime-Version: 1.0 Content-Type: text/plain; charset=Windows-1251 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello Matthew, Monday, November 12, 2001, 10:52:21 PM, you wrote: MD> :To what extent does FreeBSD actually use all the fancy virtual-memory features MD> :of latter-day i386 processors? As I recall (it has been several years since I MD> :looked into it), the Intel microprocessors provide some very elaborate features MD> :for management of virtual memory, I/O operations, and security, allowing total MD> :hardware isolation of untrusted processes. How much of this is used by FreeBSD? MD> :I know that UNIX is supposed to isolate users from each other, but how much of MD> :this is done in hardware, and how much of it is simulated in software? Very MD> :tight security usually requires a lot of interdependency between the hardware MD> :and the OS, and since UNIX is supposed to be a multiplatform OS, I'm wondering MD> :how much hardware support for security is actually used by the system. MD> Well, All UNIX OS's running in intel hardware, including FreeBSD, MD> use most of the major MMU/VM features of the processor. Not all of MD> them, because some just don't work properly, but certainly most of MD> them. For example, FreeBSD uses ring 0 and ring 3 but ring 1 and ring 2 MD> are completely useless to us due to the way interrupt stacks are designed MD> in the intel architecture. We use 4K MMU pages predominantly but only MD> use 4M MMU pages in certain (kernel-related) situations. At least for MD> the moment. We use interrupt and trap gates but do not use the MD> call-argument-crossing-ring-boundry or hardware tasking crap. MD> This is really true of all UNIXes... it is the UNIX model, after all! MD> While it is possible for root processes to access portions of the MD> hardware directly, the number that do can be counted on one hand, MD> must ask for it explicitly, and the feature can be disabled through the MD> securelevel sysctl. MD> -Matt MD> Matthew Dillon MD> Maybe it is not so important, but I think that Matt have forgot something. In i386 Intel has implemented two independent branches of hardware-level security - segment-level and page-level. Segment level security is IMHO `stronger' than page-level, because can mark some areas as Readable_But_Not_eXecutable, which page-level security can't and some other features. Since FreeBSD uses `flat' memory model, it does not take use very much of Intel's segment registers. I mean that all of DS, ES, SS are pointing to one `flat' descriptor with the same base, limit and permissions. CS descriptor is somewhat different in limit (I do not know why yet). Thus all security (at least for userland) relies on page-level security which consists of only two bits: Readable/Writable and Supervisor/User . I suppose, that there were some strong reasons for FreeBSD team to choose page-level security model instead of segment-level. If you want to know these reasons you should ask freebsd team directly. Their emails are at http://www.freebsd.org/doc/en_US.ISO8859-1/articles/contributors/staff-core.html Summary: FreeBSD uses _some_ i386 security features, but not the _most_ of them. Anyway, I suppose, that your question has a little to do with freebsd-security, and you better contact freebsd-hardware, freebsd-hackers or maybe freebsd-core mailing lists for further information, or send e-mails directly to me if you need some explanations on this posting. I strongly advise you to read "Intel Architecture Software Developer’s Manual" which can be found on Intel's FTP servers (I don't have correct links right now). Good Luck PS: I am using FreeBSD 3.3-RELEASE, so some changes since that versions are possible, that contradict words. ;------------------------------------------- ; NKritsky ; SysAdmin InternetHelp.Ru ; http://www.internethelp.ru ; mailto:nkritsky@internethelp.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message