Newsgroups: comp.arch
Path: utzoo!henry
From: henry@utzoo.uucp (Henry Spencer)
Subject: Re: PEP: Page Execution Priviledge
Message-ID: <1988Oct3.173955.9075@utzoo.uucp>
Organization: U of Toronto Zoology
References: <2550@sultra.UUCP> <1988Sep30.170503.19191@utzoo.uucp> <1988Oct1.115519.11020@light.uucp>
Date: Mon, 3 Oct 88 17:39:55 GMT

In article <1988Oct1.115519.11020@light.uucp> bvs@light.UUCP (Bakul Shah) writes:
>>... how do you prevent a user from
>>branching to some well-chosen place in the *middle* of a privileged
>>routine? ...
>
>Hardware-enforced entry points are not needed if you
>use indirection.  Make sure only privileged jump
>tables are accessible from a non privileged place.

Ah, but now we need three levels of protection:  user, jump table, and
privileged.  Your privileged jump tables *are* hardware-enforced entry
points.  (P.S. the jump-indirect instruction is going to have to be
careful that it can't be fooled.  Consider a machine like the 68020
that will do unaligned fetches:  jump indirect via an unaligned address
in the jump table, that picks up some bytes from one address and some
from the next and treats the combination as a privileged address.)
-- 
The meek can have the Earth;    |    Henry Spencer at U of Toronto Zoology
the rest of us have other plans.|uunet!attcan!utzoo!henry henry@zoo.toronto.edu