It was our last best hope for peace...
P T Withington
Thu, 8 Oct 1998 15:34:21 -0400
On 10/7/98 18:19, Ray Dillinger wrote:
>In other systems, like the BeOS, there is exactly ONE mapping of
>physical memory to addresses, and every process uses it. Thus,
>different processes are implemented as what in UNIX would be
>called different threads. This makes context switching a lot
>easier, allows much finer-grained parallelism, gets more use out
>of multiple processors, and a bunch of other nice things. But
>in such an operating system, how do you keep a buggy program
>from writing a random value into the middle of another's data
>(or code!!) causing crashes?
You could require that all your programs be written in a safe language.
That wouldn't prevent someone from intentionally making unsafe operations
(they could write their own assembler, etc.) which is why you need
hardware support to make a system secure againts malicious users. But in
a cooperative/friendly environment it would prevent someone from
accidentally breaking things.
I don't know how Be do it, since I thought they just programmed in C++,
which makes it very easy to unintentionally screw up.
Hardware pointer security doesn't have to mean separate address spaces.
Capability machines provide hardware pointer security, essentially on an