[plug] Help needed - hackers/crackers and monolithic kernels

Craig Ringer craig at postnewspapers.com.au
Fri Aug 5 13:07:03 WST 2005


On Fri, 2005-08-05 at 00:02 +0800, Richard Meyer wrote:
> A friend from more civilised climes (you can see that from the fact he
> gets magazines a month before their publication dates - ;-) sent me the
> following extract. As you may have guessed - he's a Mac fan.
> 
> > The 2600 Hacker Society was featured in the September 2005 issue of 
> > MacAddict, and they had a lot to say.
> > 
> > Some credited OS X's superior technology. "The NSA lists Mac OS X
> > among the most secure operating systems because it uses an open-source
> > monolithic kernel structure," according to hacker Patrick Roanhouse.
> > "It takes all the necessary modules and drivers and incorporates them
> > into the kernel to form one large kernel. You can't exploit
> > communication between external modules and the kernel like you can in
> > Windows and Linux."

Interesting, given that Mac OS X has a (semi) microkernel architecture -
though I don't know how it handles drivers, whether it links them into
the core or runs them as servers for the microkernel. Linux is a
monolithic kernel with runtime dynamic loading of modules /into/ that
monolithic kernel. If monolithic is better, Linux doesn't come out
worse, and possibly wins.

My understanding of the theory is that a microkernel should be better
for security and protection against coding screwups, but I really don't
know.

> Now, AFAIK, the Mac (OSX) kernel is a derivative of the Mach kernel,
> which is a micro-kernel - therefore Patrick Whossname is talking crap
> about monolithic, and I have never heard that microkernels are LESS
> secure than monolithic kernels.

The microkernel camp will happily tell you that monolithic kernels are
bad and insecure, and the monolithic camp will happily tell you that
microkernels are bad and slow (and possibly insecure too - I don't
know). The world goes on, and few people care.

> Anybody got any (printable) rebuttals - yes, I'm looking at you, Craig
> Ringer, and anybody else with Mac experience?

"Every OS sucks"

Under any commonly used OS you choose, badly written drivers will cause
stability problems. The BSDs, Linux, Solaris, Mac OS X, and Windows can
all be brought down by crap drivers to varying extents.  I don't know of
any pure microkernel based OS in real-world use (perhaps because they're
SLOOOOOW, at least AFAIK, due to message-passing overhead) - as far as
I know all the major OSes don't protect the kernel from drivers at all,
or much.

It does depend on the OS and the type of driver. For example, you can
write userspace USB and IIRC printer drivers in Linux, which helps
provide protection for that sort of driver. In Linux most drivers are or
must be implemented as kernel modules that share the kernel's address
space and have little protection between them and the rest of the
kernel. They can crash your machine quite easily if they do something
silly.

I'm not too sure what the situation is on Mac OS X. I *do* know that bad
drivers cause major system instability and kernel panics, I just don't
know the technical details of why. I suspect they're usually kexts
(kernel extensions) and have the feeling they're loaded into the core
kernel like in Linux - but I have *NOT* checked that.

I have vague recollections that WinNT provides a certain level of
isolation between drivers and the kernel, but then provides APIs to
bypass it. I think some drivers are safer than others, but really this
is just very vague memory of things I've read.

Don't even mention Win9x. Ugh.

--
Craig Ringer
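Since the thread's point is that on Linux most drivers are loaded into the kernel's own address space with nothing standing between them and the rest of the kernel, the practical defender's question is which code is sitting there and whether the kernel itself vetted it. The script below is an added example, not part of this thread or any of the projects named in it. It parses the format of Linux's /proc/modules (one line per loaded module: name, size, reference count, dependants, state, load address and an optional parenthesised taint string) and reports modules the kernel has flagged as proprietary (P), out-of-tree (O), unsigned (E), force-loaded (F) or staging (C). The sample lines and module names are constructed; read the real file with `open("/proc/modules")` on a Linux box.

```python
"""Inventory of code resident in the Linux kernel's address space.

Added example, not from the original mailing-list thread. Parses
/proc/modules lines and flags modules whose taint markers mean the
kernel did not build, sign or vet them. SAMPLE below is constructed.
"""
import re
from dataclasses import dataclass, field

# Taint letters the kernel appends to a /proc/modules entry.
TAINT_MEANING = {
    "P": "proprietary",
    "O": "out-of-tree",
    "E": "unsigned",
    "F": "force-loaded",
    "C": "staging",
}


@dataclass
class Module:
    name: str
    size: int          # bytes mapped into the kernel address space
    refcount: int
    deps: list         # modules that depend on this one
    state: str         # Live / Loading / Unloading
    address: str       # load address (may be zeroed for unprivileged readers)
    taint: set = field(default_factory=set)


# name size refcount deps state address [(TAINT)]
LINE_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<size>\d+)\s+(?P<refcount>\d+)\s+(?P<deps>\S+)\s+"
    r"(?P<state>\S+)\s+(?P<addr>0x[0-9a-fA-F]+)(?:\s+\((?P<taint>[A-Z]+)\))?\s*$"
)


def parse_modules(text: str) -> list:
    """Parse /proc/modules text into Module records; reject malformed lines."""
    mods = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised /proc/modules line: {line!r}")
        # deps is '-' when empty, otherwise 'a,b,' with a trailing comma
        deps = [] if m["deps"] == "-" else [d for d in m["deps"].split(",") if d]
        mods.append(Module(m["name"], int(m["size"]), int(m["refcount"]), deps,
                           m["state"], m["addr"], set(m["taint"] or "")))
    return mods


def untrusted_modules(mods: list) -> list:
    """Return (name, sorted reasons) for every module carrying a taint flag."""
    flagged = []
    for mod in mods:
        reasons = sorted(TAINT_MEANING.get(t, f"unknown({t})") for t in mod.taint)
        if reasons:
            flagged.append((mod.name, reasons))
    return flagged


def kernel_resident_bytes(mods: list) -> int:
    """Total bytes of module code and data living inside the kernel."""
    return sum(m.size for m in mods)


# Constructed sample; module names are made up for illustration.
SAMPLE = """\
ext4 778240 2 - Live 0xffffffffc0c00000
mbcache 16384 1 ext4, Live 0xffffffffc0b00000
vendor_gpu 2523136 40 vendor_gpu_drm, Live 0xffffffffc0a00000 (POE)
vendor_gpu_drm 65536 3 - Live 0xffffffffc0900000 (POE)
legacy_nic 45056 0 - Live 0xffffffffc0800000 (F)
"""

if __name__ == "__main__":
    mods = parse_modules(SAMPLE)
    print(f"{len(mods)} modules, {kernel_resident_bytes(mods)} bytes in kernel space")
    for name, reasons in untrusted_modules(mods):
        print(f"  {name}: {', '.join(reasons)}")
```

On a live system the same parser runs over `open("/proc/modules").read()`; anything it flags is code that shares the kernel's address space without the in-tree review or signature check that the rest of the kernel had, which is exactly the exposure the thread is talking about.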