site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:cc:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=ZNM/p/wTNuxSi7kI8JFuI3HTYK+iYRMYh1ZYOxcs1mk=; b=qnGLUzTvme6xvJ0AFK8mgpSfEtg5zwODP2SXK1g+hI0wIPR6wunh4XSLs6kHB1GAPG UDVfMAbo9qjoxiwnl6UsEOKUGtHhotMih+CYNa7ueZrbJ1cvJXPA8gz9+NrCYsdNvvMY c0TFeuBWmN1GIBxPzHKjIl8yj2FecsttcsCJQ= Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=keb9U1rurvlEHqczlP2bUFxUAaoftWwZ+MBknanwmsOBRoylIUJaJCmFgqhcatv9hL 4VAltGqUd3pZV/aUyCExxf4+mIIkXmndYWmAi/rVaWkm9S5O9k1jVp+ZyKHZ5ApSKtd5 mTq8UiTHkoLZyW2A/lFCwEv7a+1p6yx+NJZZ0= On Sat, Oct 4, 2008 at 1:52 AM, Quinn <eskimo1@apple.com> wrote:

Specifically, if you link against the entire kernel

Just to be sure, when you say link against the kernel, that means building a new kernel with my IOService built-in? I don't know if it is right but I have the feeling that Apple tries to prevent as much as possible kext's accesses to the kernel functions & data. I am neither a driver person nor a kernel programmer but I played a little with Windows and FreeBSD and I could directly access to processes data structures for example: It is ease to hide a process just by modifying kernel data from a dynamic loadable driver. Obviously, this is a big advantage to prevent anyone to play with kernel internals data, however it means that third party software like anti virus software or monitoring tools will suffer of performance and security issues, right ?

<http://www.opensource.apple.com/darwinsource/10.5/xnu-1228//bsd/uxkern/ux_exception.c> Thank you very much for pointing this out!

Nicolas _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... This email sent to site_archiver@lists.apple.com