Dear Padgett,
once you said:
# If a security program masks out/removes DOS entirely by taking over all
# of the interrupts and communicates with ROM BIOS & hardware (port calls)
# only, it can be made pretty secure.
Can anyone (you?) see any difference between such a "program"
and a standard unix (or OS/2, or even NT) kernel?
What? It will do scheduling in its own great ;) manner,
it will call "process" by some other name (something
what KA9Q or mswindows does)? So what?
You simply lose modularity (structural clearance) and memory protection
(so called "real mode" in mind -- you buy a nice 32bit
CPU, throw away flat addressing and virtual memory
abilities and a half of register space, say -- half of CPU's price;
and hey! now you can start creation of a New Custom Network OS, for
heavy loaded connections, from very scratch). Ok, maybe that's really
a nice idea. But what are the benefits?
Or will it be a monolithic program, with a complex interface
between its modules (and its own fresh bugs both in modules
and in their interactions)?
Oh no, I'd better take a BSD kernel (known and tested for
many years by many really knowledgeable persons) and
attach some processes on top of it
(each in its own address space, with well-defined IPC, well tested
too). Seems to be a better approach. That's what I am doing
now, and learning all that fancy TCP/IP tips and hints
and reading docos takes all time, together with cosmetic
customizations of the software being used. Go get a headache:
"How to do this all in dos from scratch?" -- thanks, not for me.
Why bother porting BSD TCP/IP stack to dos if I can take FreeBSD
itself _now_ on the same hardware?
Being honest, I must note that the PC version of Plan9 from Bell
Labs uses dos as a loader, then blows it away (of course).
But other real OSes are already using much smaller and way less complex
loaders, less complexity _is_ an incredible security win! ;)
And no dossiche virii will eat your boot record, never.
(Sorry, the topic is dead, I think; but couldn't resist :-)
--
With best regards -- Andrew Stesin.
+380 (44) 2760188 +380 (44) 2713457 +380 (44) 2713560
"You may delegate authority, but not responsibility."
Frank's Management Rule #1.