Re: How to develop a random number generation device



Joel Kolstad wrote:

"Nobody" <nobody@xxxxxxxxxxx> wrote in message news:pan.2007.09.17.22.37.49.78000@xxxxxxxxxxxxxx

With modern hardware (e.g. 80286 and later running in protected
mode), the address space of one process (or the OS kernel) simply isn't
"visible" to another process.

True, but if you can manage to create a buffer overflow in a kernel process (the TCP/IP stack being a common target here, often implemented as a kernel-level driver), you have the keys to the kingdom.

A messed up data segment is still the data segment. It shouldn't be possible to execute it as a code.

Since 286 there were the goodies like 4 levels of priviledge, separate LDTs for every process, different segment rights for code, data and stack. In the theory, that should allow for a pretty solid protection, however in the practice it was (and still is!) unused for the simplicity, sw compatibility and performance reasons.

Vladimir Vassilevsky
DSP and Mixed Signal Design Consultant
http://www.abvolt.com



.