Re: Obtaining non-exported symbol from kernel on runtime (without the debug symbols)
On Mon, Dec 15, 2008 at 5:33 AM, Dean Reece <dean.reece@apple.com> wrote:
> It isn't a hassle for legitimate developers because they lose that status as soon as they step outside our KPI space. Thus far, we have not introduced strong protections to prevent developers getting at things we don't export, but that may change if we see customer problems resulting from such practice.
Correct me if I'm interpreting your words wrongly, but did you just say that anyone who steps out of the limited KPI interfaces is illegitimate? That sounds naive. It's not their fault if you have crippled the FreeBSD kernel API. I'm not saying you don't have any legit reasons to do so, but it's a fact that you've done it.

Regarding protections to prevent things like memory patching, et al.; honestly, the result will be a more crippled set of kernel interfaces and no true feasible or practical improvements. Once your code runs in privileged mode there's simply no way to prevent anything. The only limitation is the skillset and level of complexity required to implement the new countermeasures. Hence why I said all those measures are effectively useless in practice.

Unless you have a hardware-based mechanism (which can be assured to be tamper-proof as well, think of sealed TPM module or alike) validating privileged code changes or firmware, there's no way you can prevent 'unofficial' modifications. Then again, this could be illegal to implement and will be broken as soon as someone has the time, effort and skillset to put on breaking it.

--
- John Denkar