Path: ...!weretis.net!feeder9.news.weretis.net!news.nk.ca!rocksolid2!i2pn2.org!.POSTED!not-for-mail
From: mitchalsup@aol.com (MitchAlsup1)
Newsgroups: comp.arch
Subject: Re: Privilege Levels Below User
Date: Sat, 8 Jun 2024 17:37:46 +0000
Organization: Rocksolid Light
Message-ID: <1316e4baa439de908666e38c39cd8c79@www.novabbs.org>
References: <jai66jd4ih4ejmek0abnl4gvg5td4obsqg@4ax.com> <Z9I8O.13$2JEf.11@fx14.iad> <5h%8O.4327$wDZ.776@fx48.iad>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: i2pn2.org;
	logging-data="3585978"; mail-complaints-to="usenet@i2pn2.org";
	posting-account="65wTazMNTleAJDh/pRqmKE7ADni/0wesT78+pyiDW8A";
User-Agent: Rocksolid Light
X-Rslight-Posting-User: ac58ceb75ea22753186dae54d967fed894c3dce8
X-Spam-Checker-Version: SpamAssassin 4.0.0
X-Rslight-Site: $2y$10$qYrIoJZM2jqONkfXbC/oRem0ZKE1h7GzYkewTT5c6nvgbY3FvlM4q
Bytes: 4078
Lines: 69

EricP wrote:

> Scott Lurndal wrote:
>> John Savard <quadibloc@servername.invalid> writes:
>>> This may be a silly idea... but it seems to be the sort of thing that
>>> current concerns about computer security may be calling for.
>>>
>>> It is typical for computers to have a privileged mode of operation,
>>> wherein I/O operations and certain special changes to the state of the
>>> computer are allowed that are barred to normal computational  tasks.
>>>
>>> For various reasons, miscreants have not been completely foiled by the
>>> existence of this feature.
>>>
>>> Some types of instruction that are required for normal computation are
>>> still, to a certain extent, potentially harmful.
>>>
>>> So I am thinking it might be useful to have, for example, two states
>>> less privileged than the user state, and some mechanism for user
>>> programs to call subroutines which are in that state until they return
>>> - the return instruction being limited, sort of like a supervisor
>>> call, so it can only return in a proper manner.
>> 
>> There are already more than five security rings in most
>> processors.
>> 
>> Intel:   Ring 3, Ring 2 (unused), Ring 1(unused), Ring 0, VMX, Enclave,
>> 
>> SMM
>> AMD:     Ring 3, Ring 2 (unused), Ring 1(unused), Ring 0, SVM, SMM
>> ARM64:   Realm Monitor, EL3 (Secure monitor), EL2(Hypervisor), EL1
>> (Kernel), EL0 (user)

> VAX had 4 modes, User, Supervisor, Executive, Kernel.
> VMS used Super for debugger and the command language DCL,
> Exec was mostly for the file system.
> Kernel was for the core of the OS.

> What they found that not only do they not need 4 levels,
> it was a pointless overhead to have to constantly switch between them.
> (There is a pretty high penalty to switching modes, copying in args,
> validating args, doing something usually simple, then switching back,
> when it is all the OS's code anyway.)

VAX was before common era Hypervisors, do you think VAX could have 
supported secure mode and hypervisor with their 4 levels ??

But for similar reasons ring 1 and 2 are not used in x86 machines, 
either. {{NOw, if we could just go back to 1982 and not invent 
IDTs, and call gates, .....}}

> I don't know what privileges Unix on VAX used but it was
> probably 2 levels because PDP-11 had only 2 levels.

> Alpha had 3 levels, User, Supervisor, and a higher third mode called
> PAL for Privileged Architecture Library. It was supposed to be thought
> of like microcode, privileged subroutines. Then PAL mode was used to
> emulate the 4 levels that VMS expected when they ported it.

PAL was microcode in <fast> ROM in the native ISA.

> (I think PAL mode was a way to patent a feature that made the
> ISA impossible to copy without their permission,
> and therefore someone can't take DEC's executables and run them
> on a clone processor, like what happened to IBM with Amdahl.)

Worked real well for them !!

> WinNT was written to be portable so the lowest common denominator
> is 2 levels, User and Super, and everything worked just fine.