[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Driver security

From: R. Koot
Subject: Driver security
Date: Fri, 21 Jan 2005 13:50:20 +0100
User-agent: Mozilla Thunderbird 1.0 (X11/20041206)

Bas Wijnen wrote:
Daniel Wagner wrote:

Does all drivers trust each other?

Nope they don't have to but at some point its getting a bit tiresome
not to trust the device drivers.  Of course you have to be careful
from where new drivers are loaded but as soon a driver gets active in
the ddf it has access to all hardware resources.  So there is no point
in creating a 'secure' environment.

Are you saying that if I want to write a driver which needs, say, some
i/o ports and an interrupt, it will automatically be allowed to use
everything?  That doesn't sound like a very good idea...  I hope that
the idea then is to make those hardware drivers as simple as possible,
so the actual "meat" of the driver (which contains policy) can be
written by a mortal user (who must of course has access to the device file)?

I think we should separate the drivers in two groups low-level drivers and high-level drivers. Drivers for PCI cards should be low-level, can request interrupts and i/o ports at will and can only be loaded by root/the system. This also implies they can be trusted by each and everyone. Because Deva will be inbetween user applications and drivers, low-level drivers can also trust applications (applications call drivers, drivers son't call apllications so there is no risk of blocking, Deva should just make sure memory mappings are safe).

Drivers for USB devices can be high-level drivers and are loaded when an interactive user logsin and unloaded when an he/she logsout. High-level drivers can only request services from ther bus driver (the low-level driver for the USB Host Controller) with Deva inbetween to make sure the low-level driver can trust the high-level driver.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]