bug-hurd
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ioperm and iopl in gnumach


From: Thomas Schwinge
Subject: Re: ioperm and iopl in gnumach
Date: Tue, 11 Aug 2009 11:58:42 +0200
User-agent: Mutt/1.5.11

Hello!

On Sun, Aug 09, 2009 at 06:48:05PM +0200, address@hidden wrote:
> On Mon, Aug 03, 2009 at 07:12:22PM +0200, Thomas Schwinge wrote:
> > There are two ways to use it: either the GNU Mach RPCs
> > i386_io_perm_create and i386_io_perm_modify (see
> > [gnumach]/i386/include/mach/i386/mach_i386.defs) can directly be used,
> > or the more standard (at least on x86) glibc ioperm function (see
> > [glibc]/sysdeps/mach/hurd/i386/ioperm.c), which makes use of the
> > former two RPCs.
> > 
> > Note that you currently have to be the root user to make use of all
> > this. This is what the envisioned (not yet existing, but which we've
> > once been chatting about) ioperm server, sitting on /servers/ioperm,
> > is meant to change.
> 
> The ironic thing is that with the iopl device, it was already possible
> without any special server...

But iopl is a all-or-nothing-like thing (all I/O ports), and also is for
root only (the device_master port is needed).

> I still wonder why the extra RPCs are considered better.

Because they use the capability system for allowing access to arbitrarily
restricted ranges of I/O ports; these capabilities can then be passed to
arbitrary non-root clients.  What the ioperm server will do is allowing
non-root clients to request access to I/O ports, and then had out these
rights according to some policy.


Regards,
 Thomas

Attachment: signature.asc
Description: Digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]