Some questions about privileges (priv.h) - Minix



Thread: Some questions about privileges (priv.h)

  1. Some questions about privileges (priv.h)

    Hi!

    The variable s_trap_mask in priv struct, can have the "values":
    SEND, RECEIVE, SENDREC, NOTIFY and ECHO. Well, but the only
    time these values were set is at booting (main.c) - which
    would mean this happens only once - and
    in the syscall do_privctl(m_ptr):
    rp->p_priv->s_trap_mask = FILLED_MASK;
    but FILLED_MASK is ~0, which would be 1111111b and that
    would mean, that all traps are allowed?
    Did I get something wrong or is this an unused feature?


    Are there any predefined values for s_call_mask in the struct priv?
    This mask also seems to be set only at booting. It is meant
    to be that way (set only once) or is it just not used
    yet?

    Is s_ipc_from even used? If I remember correctly the Thesis from Herder
    this isn't needed, because the send_mask/s_ipc_to indirectly allows the
    same behavior (preventing forbidden message sending).

    Is it correct, that if you have n *unprivileged* user processes, that
    you only have 1 privilege level structure for all of them?


    Is the
    sys_id_t s_id; /* index of this system structure */
    in the priv struct just an index to the privilege level?
    We are not quite sure about it, another question which
    occurred with this variable is the "concept" of the so called
    "system indexes", are these just names for id's in different
    system objects?


    thx in advance!
    Bernhard

    PS: if someone might wonder about all my
    questions, a colleague and I took a look
    (about 6 hours) at Minix today.
    PPS: we are nuts

  2. Re: Some questions about privileges (priv.h)

    > The variable s_trap_mask in priv struct, can have the "values":
    > SEND, RECEIVE, SENDREC, NOTIFY and ECHO. Well, but the only
    > time these values were set is at booting (main.c) - which
    > would mean this happens only once - and
    > in the syscall do_privctl(m_ptr):
    > rp->p_priv->s_trap_mask = FILLED_MASK;
    > but FILLED_MASK is ~0, which would be 1111111b and that
    > would mean, that all traps are allowed?
    > Did I get something wrong or is this an unused feature?


    This is work in progress. As you will see in main.c,
    the s_trap_mask currently is initialized to different
    values: system processes are allowed to use all IPC traps,
    but ordinary user processes can only use SENDREC. The latter
    is set for INIT, and thus inherited by all user programs.

    The code in do_privctl() is not yet finished. This is supposed
    to give specified privileges to system processes (servers and
    drivers) when they are started by the RS server. Currently,
    all privileges are given, but in the next release, privileges
    will be tightly controlled.

    > Are there any predefined values for s_call_mask in the struct priv?
    > This mask also seems to be set only at booting. It is meant
    > to be that way (set only once) or is it just not used yet?


    For system processes in the boot image, the s_call_mask is
    defined in main.c, but (like above) for system processes that
    are dynamically started, things are not yet finished.

    > Is s_ipc_from even used? If I remember correctly the Thesis from Herder
    > this isn't needed, because the send_mask/s_ipc_to indirectly allows the
    > same behavior (preventing forbidden message sending).


    Indeed, this is currently not used. It was an experimental
    feature and probably needs to be removed.

    > Is it correct, that if you have n *unprivileged* user processes, that
    > you only have 1 privilege level structure for all of them?


    Yes, it's possible to share privilege structures. Each process
    has a pointer to a privilege structure in its process table
    structure. Currently, all user processes share the same privilege
    structure and all system processes get a private structure that
    precisely restricts what they can do.

    > Is the
    > sys_id_t s_id; /* index of this system structure */
    > in the priv struct just an index to the privilege level?
    > We are not quite sure about it, another question which
    > occurred with this variable is the "concept" of the so called
    > "system indexes", are these just names for id's in different
    > system objects?


    Yes, it's just the index, like p_nr is the slot number in the
    process table structure. This is helpful because usually pointers
    are passed in the kernel and this is a clean way to get the
    associated index.

    >
    > thx in advance!
    > Bernhard
    >
    > PS: if someone might wonder about all my
    > questions, a colleague and I took a look
    > (about 6 hours) at Minix today.
    > PPS: we are nuts


    You're welcome!

    Jorrit
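
An added example, not part of the thread and not MINIX source: a simplified C model of the scheme described in the reply, with a trap mask checked per call, one privilege structure shared by all user processes, and s_id giving the table index from a pointer. The trap numbers, `NR_PRIVS`, `USER_PRIV_ID` and the helper names are assumptions made for this sketch.

```c
#include <stdio.h>

/* Trap numbers: constructed values for this sketch, not copied from MINIX headers. */
enum { SEND = 1, RECEIVE = 2, SENDREC = 3, NOTIFY = 4, ECHO = 5 };
#define TRAP_BIT(t)  (1u << (t))
#define FILLED_MASK  (~0u)              /* every bit set: every trap allowed */
#define NR_PRIVS     4                  /* assumption: tiny table for the demo */
#define USER_PRIV_ID 0                  /* assumption: slot 0 is the shared user structure */

struct priv {
    int s_id;                           /* index of this structure in priv_table */
    unsigned s_trap_mask;               /* one bit per allowed IPC trap */
};
struct proc {
    int p_nr;                           /* slot number in the process table */
    struct priv *p_priv;                /* may be shared between processes */
};

static struct priv priv_table[NR_PRIVS];

/* Boot-time setup: deny by default, user structure gets SENDREC only. */
void init_privs(void) {
    for (int i = 0; i < NR_PRIVS; i++) {
        priv_table[i].s_id = i;
        priv_table[i].s_trap_mask = 0;
    }
    priv_table[USER_PRIV_ID].s_trap_mask = TRAP_BIT(SENDREC);
}

/* Returns 1 if the caller's privilege structure permits the trap. */
int trap_allowed(const struct proc *rp, int trap) {
    return (rp->p_priv->s_trap_mask & TRAP_BIT(trap)) != 0;
}

/* Recover the table index from the pointer, the role s_id plays in the reply. */
int priv_index(const struct proc *rp) { return rp->p_priv->s_id; }

int main(void) {
    init_privs();
    struct proc init_p = { 0, &priv_table[USER_PRIV_ID] };
    struct proc shell  = { 1, init_p.p_priv };        /* inherits INIT's pointer */
    struct proc driver = { 2, &priv_table[1] };       /* private structure */
    driver.p_priv->s_trap_mask = FILLED_MASK;         /* what do_privctl() does today */
    printf("shell SENDREC=%d SEND=%d, driver NOTIFY=%d, shell priv index=%d\n",
           trap_allowed(&shell, SENDREC), trap_allowed(&shell, SEND),
           trap_allowed(&driver, NOTIFY), priv_index(&shell));
    return 0;
}
```

Replacing `FILLED_MASK` with an explicit OR of `TRAP_BIT(...)` values is the kind of per-process restriction the reply says is planned for dynamically started servers and drivers.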



