Path: ...!weretis.net!feeder8.news.weretis.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: John Savard <quadibloc@servername.invalid>
Newsgroups: comp.arch
Subject: Privilege Levels Below User
Date: Fri, 07 Jun 2024 12:03:03 -0600
Organization: A noiseless patient Spider
Lines: 39
Message-ID: <jai66jd4ih4ejmek0abnl4gvg5td4obsqg@4ax.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Injection-Date: Fri, 07 Jun 2024 20:03:06 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="1d911cacd2ec5ddce02e02a3dfaa029b";
	logging-data="2290943"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX1/9xcs1iRzcraumvGKud1UMVH0PPEKKdcs="
Cancel-Lock: sha1:4Dd6UKJmZgZR+GJquSGqMTJq2Bs=
X-Newsreader: Forte Free Agent 3.3/32.846
Bytes: 2674

This may be a silly idea... but it seems to be the sort of thing that
current concerns about computer security may be calling for.

It is typical for computers to have a privileged mode of operation,
wherein I/O operations and certain special changes to the state of the
computer are allowed that are barred to normal computational tasks.

For various reasons, miscreants have not been completely foiled by the
existence of this feature.

Some types of instruction that are required for normal computation are
still, to a certain extent, potentially harmful.

So I am thinking it might be useful to have, for example, two states
less privileged than the user state, and some mechanism for user
programs to call subroutines which are in that state until they return
- the return instruction being limited, sort of like a supervisor
call, so it can only return in a proper manner.

The first reduced-privilege state would not allow any branch
instructions, particularly conditional branches.

The second, in addition, would not allow any access to memory, only
allowing access to registers.

To use these states to aid in security, more is required.

For one thing, blocks of memory would need to be able to be marked as
not only containing code or data, but as containing code that runs at
one of these reduced privilege levels.

And then comes the payoff: a block of memory could be marked as
writeable, but yet containing executable code, for things like
just-in-time compilation... but as only containing code at one of
these reduced privilege levels. Thus preventing the generation of code
containing branches or memory accesses, as desired, while allowing the
generation of computational sequences.

John Savard
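A toy simulator of the scheme sketched in the post, added here as an illustration; it is not the post's own code and the machine it models is hypothetical. Everything in it (the page tags, the small instruction set, the Page and Machine classes, the constructed sample programs and the fault messages) is an assumption made for the example: code pages carry a tag, every instruction is checked at fetch time against the tag of the page holding the program counter, the only way out of a reduced-privilege page is `ret` through a CPU-internal link stack the program cannot address, and a writable page that is also executable is accepted only below user level.

```python
# Hypothetical toy model of the post's scheme, written for this page (not the
# post's own code).  Page tags: USER (unrestricted), NOBRANCH (no jnz/call),
# REGONLY (no branches and no memory access).
PAGE_SIZE = 16
USER, NOBRANCH, REGONLY = "USER", "NOBRANCH", "REGONLY"
BRANCH_OPS, MEMORY_OPS = {"jnz", "call"}, {"ld", "st"}
ALU = {"add": lambda x, y: x + y, "mul": lambda x, y: x * y}

class PrivilegeFault(Exception):
    """Instruction not permitted at the executing page's privilege level."""

class Page:
    def __init__(self, level, writable=False):
        if writable and level == USER:    # policy: W+X only below user level
            raise ValueError("W+X refused: writable code must be below user level")
        self.level, self.writable = level, writable

class Machine:
    def __init__(self, pages):
        self.pages, self.code, self.data = pages, {}, {}
        self.regs, self.pc = [0] * 8, 0
        self.link = []   # hardware return stack; not addressable by the program

    def page_of(self, addr):
        return self.pages[addr // PAGE_SIZE]   # KeyError stands in for an unmapped fault

    def load(self, addr, instrs):   # boot-time load by the loader; bypasses the W check
        for i, ins in enumerate(instrs):
            self.code[addr + i] = ins

    def emit(self, addr, instrs):   # run-time code generation, e.g. a JIT
        for i, ins in enumerate(instrs):
            if not self.page_of(addr + i).writable:
                raise PrivilegeFault(f"page at {addr + i} is not writable")
            self.code[addr + i] = ins

    def step(self):
        # Checked on every fetch against the tag of the page holding PC, so it
        # also catches code that runs off the end of its page.
        level = self.page_of(self.pc).level
        op, *a = self.code.get(self.pc, ("undefined",))
        if level != USER and op in BRANCH_OPS:
            raise PrivilegeFault(f"{op} not allowed at {level} (pc={self.pc})")
        if level == REGONLY and op in MEMORY_OPS:
            raise PrivilegeFault(f"{op} not allowed at {level} (pc={self.pc})")
        r, nxt = self.regs, self.pc + 1
        if op == "halt": return False
        elif op in ALU: r[a[0]] = ALU[op](r[a[1]], r[a[2]])
        elif op == "ld": r[a[0]] = self.data.get(a[1], 0)
        elif op == "st": self.data[a[0]] = r[a[1]]
        elif op == "jnz": nxt = a[1] if r[a[0]] else nxt
        elif op == "call": self.link.append(nxt); nxt = a[0]
        elif op == "ret" and self.link: nxt = self.link.pop()   # only back to the caller
        else: raise PrivilegeFault(f"bad instruction {op} at {self.pc}")
        self.pc = nxt
        return True

    def run(self, start=0):
        self.pc = start
        while self.step():
            pass

def build_demo():
    """Constructed sample: USER page 0, writable REGONLY JIT page 1, NOBRANCH page 2."""
    m = Machine({0: Page(USER), 1: Page(REGONLY, writable=True), 2: Page(NOBRANCH)})
    m.data[100], m.data[101] = 6, 7
    m.load(0, [("ld", 0, 100), ("ld", 1, 101), ("call", 16), ("st", 102, 2), ("halt",)])
    return m

def fault_of(action):
    """Run `action` and return the fault message it raises, or None if it ran clean."""
    try:
        action()
    except (PrivilegeFault, ValueError) as e:
        return str(e)

def run_jit_kernel():
    """Legitimate JIT output: register-only arithmetic computing r2 = r0*r1 + r0."""
    m = build_demo()
    m.emit(16, [("mul", 2, 0, 1), ("add", 2, 2, 0), ("ret",)])
    m.run()
    return m.data[102]   # 6*7 + 6 = 48

def run_jit_memory_access():
    """Generated (or injected) code that reads memory from the REGONLY JIT page."""
    m = build_demo()
    m.emit(16, [("ld", 2, 100), ("ret",)])
    return fault_of(m.run)

def run_branch_in_nobranch_page():
    """A conditional branch inside a NOBRANCH subroutine called from user code."""
    m = build_demo()
    m.load(32, [("jnz", 0, 32), ("ret",)])
    m.load(0, [("call", 32), ("halt",)])
    return fault_of(m.run)

def refused_wx_user_page():
    """A writable+executable USER page is refused outright."""
    return fault_of(lambda: Page(USER, writable=True))
```

The user program in `build_demo` fetches its operands from memory, calls into the writable REGONLY page, and stores what comes back; the generated kernel can only compute in registers and can only leave through `ret` to the saved return address, which is the property that makes the W+X page tolerable. The two fault scenarios show code emitted into that page being stopped at the first memory access, and a conditional branch inside a NOBRANCH page being stopped at fetch. Two points the post leaves open are visible in the model: since `call` is itself a branch, reduced-privilege code cannot call further subroutines, and nothing here constrains where in a reduced page a `call` may land, which a real design would want to pin to declared entry points.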