Re: Accessing Physical Memory & Other Process's Address Space

From: Tim Roberts <spamtrap@xxxxxxxxxx>
Date: Thu, 07 Feb 2008 06:20:52 GMT

"mybwpp@xxxxxxxxxxxxxx" <spamtrap@xxxxxxxxxx> wrote:

In 32 bit protected mode, each user process is allocated a 4GB address
space, whereby program data and code resides in lower 2GB and kernel
is mapped in the upper 2GB (in some cases it is 3GB for user and 1GB
for kernel). However the part of linear address space where kernel is
mapped, is not accessible to user process, due to the difference in
privilege levels. The question is that, do kernel mode processes also
get their address space mapped in the same manner.

In Windows and Linux, at least, there is no such thing as a "kernel mode
process". Processes simply exist. Sometimes they run in user mode,
sometimes they run in kernel mode. In user mode, part of the address space
is visible. In kernel mode, all of it is.

If yes, than it
implies that kernel is also mapped into a part of their address space.
If a kernel mode driver is malicious, it can easily make arbitrary
changes to kernel, as kernel is mapped to its address space and is
accessible also (as both are operating at the same privilege level).
Am I thinking on the correct lines or there is some misconception?

That is correct. In Windows and Linux, at least, kernel code is "trusted
code", and has full run of the system, including overwriting other kernel
code. That's why Microsoft is making it harder to run kernel code.
--
Tim Roberts, timr@xxxxxxxxx
Providenza & Boekelheide, Inc.

.

Follow-Ups:
- Re: Accessing Physical Memory & Other Process's Address Space
  - From: Gil Hamilton

References:
- Accessing Physical Memory & Other Process's Address Space
  - From: mybwpp@xxxxxxxxxxxxxx
- Re: [Clax86list] Accessing Physical Memory & Other Process's Address Space
  - From: Charles Crayne
- Re: Accessing Physical Memory & Other Process's Address Space
  - From: mybwpp@xxxxxxxxxxxxxx

Prev by Date: Re: Can WXP handle 4 GB of Physical Memory
Next by Date: Re: Accessing Physical Memory & Other Process's Address Space
Previous by thread: Re: Accessing Physical Memory & Other Process's Address Space
Next by thread: Re: Accessing Physical Memory & Other Process's Address Space
Index(es):
- Date
- Thread

Relevant Pages

Re: Delphi Bugs
... > recompile the Linux kernel just to install a driver. ... You configure the kernel to have whatever features you want in it. ... Are you saying the vast majority of windows users are idiots? ... there are millions of computers that are not the ...
(borland.public.delphi.non-technical)
Re: sick of Linux bias
... the reason why you get such a bias towards linux even ... >>when some linux servers can be rooted just as easily as windows ones, ... no real kernel land and user land for applicaitons. ... redhat (for alot of them I just lie and install gentoo:)) that will ...
(comp.security.firewalls)
Re: sick of Linux bias
... the reason why you get such a bias towards linux even ... >>when some linux servers can be rooted just as easily as windows ones, ... no real kernel land and user land for applicaitons. ... redhat (for alot of them I just lie and install gentoo:)) that will ...
(alt.computer.security)
Re: No new posts...did you all get wiped out with the new windows worm?
... I think of "Linux kernel, ... the same way I think of "Windows kernel, Windows distro". ...
(misc.news.internet.discuss)
[OT ]Re: Cant X be elemenated?
... > I read your reply to a person worried about the future of linux. ... Then you move the "bloat" to the kernel, ... I guess you're merely running some very heavy apps. ... You should now have a lean fast system compared to windows. ...
(Linux-Kernel)