Date: Wed, 14 Mar 2001 10:22:30 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Phelip Cray <phelipc@yahoo.com> Cc: freebsd-questions@freebsd.org Subject: Re: freebsd kernel Message-ID: <20010314102230.D43414@mollari.cthul.hu> In-Reply-To: <20010314174451.70172.qmail@web12408.mail.yahoo.com>; from phelipc@yahoo.com on Wed, Mar 14, 2001 at 09:44:51AM -0800 References: <20010314174451.70172.qmail@web12408.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--vni90+aGYgRvsTuO Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Mar 14, 2001 at 09:44:51AM -0800, Phelip Cray wrote: >=20 > Hello all, >=20 > I am reading a book called "Screts and Lies" by Bruce > Shenier from CounterPane. >=20 > He says that the kernel of an operating system should > be as simple as possible, but that nowadays system > designers tend to push everything they can into the > kernel area. ( I have read this from other authors > also ... ) >=20 > Is this true with the FreeBSD project? If it is, how It's not really true -- as a rule nothing gets pushed into the kernel that doesn't belong there, and since everything is configurable you don't have to have any kernel features you don't want to if you object to a particular system. Bruce is probably referring to things like Windows NT, which runs a heck of a lot of stuff inside the kernel (the GUI, the IIS webserver, etc). Linux also suffers from this in part (kernel httpd, etc). There are performance reasons why you might be tempted to do this, but as Bruce correctly notes there are also significant security risks. > come you have to set up a sound board or a NIC by > recompiling the kernel? Isn't this stuff suposed to be > left outside? You don't have to recompile it anymore in FreeBSD -- you can just dynamically load and unload the driver as a KLD module. But you're still loading it into the kernel: most UNIX systems (and others) work this way, because things like device drivers need access to the low-level hardware which is best achieved by running the driver in kernel space. There are alternatives like Mach (actually I don't know if Mach can have device drivers running outside the microkernel, it seems reasonable, if inefficient) but there's really nothing wrong with having device drivers inside your kernel. Kris --vni90+aGYgRvsTuO Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6r7blWry0BWjoQKURAtc5AJ95ZzvyfIBSCjMgZ5w5FkTMakFy6wCg51Fx uEyb4X0nqbEpJCszEXdQ3rU= =xZoo -----END PGP SIGNATURE----- --vni90+aGYgRvsTuO-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010314102230.D43414>