Privileged mode commands in FreeBSD processes
Victor
vicmrml at gmail.com
Wed Aug 31 20:05:13 UTC 2011
Is it possible to write and start a program in FreeBSD, which could
execute processor commands of previleged modes (protection rings),
commonly prohibited to a process in the user mode?
For example we could permit the process direct access to i/o ports (IN
and OUT commands on PC architecture), execution of the software
interrupt command with any operand (INT), access to descriptor tables
registers (GDT, LDT, etc.) with capability of changing content of both
these registers and descriptor tables themselves (situated in the RAM).
We could also allow the process to change flag bits in the registers of
CPU, responsible for processor modes (memory addressing modes,
transition from protected to real mode and vice versa, etc.) In fact, if
this feature exists in FreeBSD, it must switch the processor for the
time of execution this process to the mode with higher privileges (to
the protection ring from 2 to 0, not 3 in x86). I would like to ask the
FreeBSD community, does this possibility exist in FreeBSD?
I understand the problem can be easily solved by deviding the program
into two parts: the process (COFF or ELF file) and the driver. All the
code, containing privileged commands, could be placed in the driver, as
the rest of the code (its unprivileged part) could be contained in the
process. As far as I understand, the driver code is executed in the 0
ring mode, so it has no restrictions. On the other hand it would be
interesting to have such an opportunity for common processes in both
educational (e. g. studying assembler privileged mode commands) and
technical purposes. Of course this feature is a great threat for system
safety, and besides programs, using it, can easily completely destroy
the system, however it could be useful for some aims.
Does anything of such kind exist in FreeBSD? If it does, please give me
a reference in the FreeBSD documentation.
Victor.
More information about the freebsd-arch
mailing list