Re: IOKit KEXT Question
Re: IOKit KEXT Question
- Subject: Re: IOKit KEXT Question
- From: Matt Burnett <email@hidden>
- Date: Thu, 16 Aug 2007 01:45:54 -0500
On Aug 16, 2007, at 1:16 AM, Michael Smith wrote:
It does not, beyond causing the failure of operations requesting
directions that would violate the task's mapping protections.
The sort of operation you're describing is not part of the
operation model for any I/O Kit driver or family, so no, there are
not. As a general rule, tasks don't expect operations to have that
sort of permanent side-effect - there are interfaces that they may
call if it's what they want. It is, of course, possible to remap
client address ranges in the kernel with differing protections.
This is documented in the literature and has been widely discussed
here and on other Darwin lists. I/O Kit kexts are linked against
the symbol sets on which they declare dependencies. This
facilitates a number of useful and largely invisible features.
Thanks for the info.
... which would of course prove the point that you mistakenly think
Terry was making, beyond any contradiction.
As has clearly been articulated in both this thread and many others
preceding, this has nothing to do with security. It is a matter of
providing sustainable interfaces to developers and techniques for
managing situations where interfaces have to change in a graceful
fashion.
I think the preceding threads prove my point that there is a demand
from the development community to provide kernel hooks even if the
interface is volatile. If Apple doesn't provide one, then that makes
me think they dont want to because it could destroy the user
expierence with kernel panics. The downside to that is, if Apple
doesn't provide a regulated but liberal interface into the kernel the
developers will create their own. With my proposed plan at least
gives the user fair warning, whereas the present solution requires me
to hook it manually, leaving the possibility i would never inform the
user of the hook and the resulting panics being perceived by the user
to be Apple's fault.
Terry did say that "We hide system calls so someone unscrupulous..."
can't hook them. The act of hiding something from a unscrupulous
person directly implies the act of hiding to be a security measure,
see my first reply to him for a definition of unscrupulous.
I'm sure if you were to check Terry's e-mail address you would in
fact find that he is paid on a daily basis to come up with better
ideas than yours, and perhaps it would be worth your while to sit
back for a bit and think about what has actually been said in this
thread, and the many on related subjects prior, before leaping back
into the fray.
lol, should i be impressed with your email address as well?
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden