29
submitted 1 year ago* (last edited 1 year ago) by SmoothSurfer@lemm.ee to c/programming@beehaw.org

I have never dug into low level things like cpu architectures etc. and decided to give it a try when I learned about cpu.land.

I already was aware of the existence of user and kernel mode but while I was reading site it came to me that "I still can harm my system with userland programs so what does it mean to switch user mode for almost everything other than kernel and drivers?" also we still can do many things with syscalls, what is that stopping us(assuming we want to harm system of course) from damaging our system.

[edit1]: grammar mistakes

you are viewing a single comment's thread
view the rest of the comments
[-] duncesplayed@lemmy.one 1 points 1 year ago

dd if=/dev/zero of=/dev/sda is a userland program, which I would say causes harm.

[-] jarfil@beehaw.org 8 points 1 year ago

/dev/sda access requires superuser/root permissions from the kernel, which means asking the kernel to lift many of the protections.

[-] abhibeckert@beehaw.org 3 points 1 year ago* (last edited 1 year ago)

On some unix systems (MacOS for example) you can't even do that with root.

You'd need reboot into firmware, change some flags on the boot partition, and then reboot back into the regular operating system.

To install a new version of the operating system on a Mac, it creates a new snapshot of your boot hard drive, updates the system there, then reboots instructing the firmware to reboot on the new snapshot. The firmware does it's a few checks of it's own as well, and if it fails to boot then it will reboot on the old snapshot (which is only removed after successfully booting on to the new one). That's not only a better/more reliable way to upgrade the operating system, it's also the only way it can be done because even the kernel doesn't have write access to those files.

The only drawback is you can't use your computer while the firmware checks/boots the updated system. But Apple seems to be laying the foundations for a new process where your updated operating system will boot alongside the old version (with hypervisors) in the background, be fully tested/etc, and then it should be able to switch over to the other operating system pretty much instantly. It would likely even replace the windows of running software with a screenshot, then instruct the software to save it's state and relaunch to restore functionality to the screenshot windows (they already do this if a Mac's battery runs really low - closing everything cleanly before power cuts out, then restore everything once you charge the battery).

[-] jarfil@beehaw.org 1 points 1 year ago

That's interesting, I don't have much contact with Apple's ecosystem.

Sounds similar to a setup that Linux allows, with the root filesystem on btrfs, making a snapshot of it and updating, then live switching kernels. But there is no firmware support to make the switch, so it relies on root having full access to everything.

The hypervisors approach seem like what Windows is doing, where Windows itself gets booted in a Hyper-X VM, allowing WSL2 and every other VM to run at "native" speed (since "native" itself is a VM), and in theory should allow booting a parallel updated Windows, then just switching VMs.

On Linux there is also a feature for live migrating VMs, which allows software to keep running while they're being migrated with just a minimum pause, so they could use something like that.

[-] duncesplayed@lemmy.one 1 points 1 year ago

Yes, which is literally what OP is asking about. They mention system calls, and are asking, if a userland program can do dangerous thing using system calls, why is there a divide between user and kernel. "Because the kernel can then check permissions of the system call" is a great answer, but "hopefully you can't harm your computer with userland programs" is completely wrong and misguided.

[-] farcaster@beehaw.org 1 points 1 year ago

Yeah, security is in layers and userland isn't automatically "safe", if that's what you're pointing out. So I did mention non-superusers. Separating the kernel from userland applications is also critically important to (try to) prevent non-superusers from accessing APIs and devices which only superusers (or those in particular groups) are able to reach.

this post was submitted on 02 Sep 2023
29 points (100.0% liked)

Programming

13360 readers
1 users here now

All things programming and coding related. Subcommunity of Technology.


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 1 year ago
MODERATORS