Re: Dreckig OS

Posted: Wed Apr 04, 2012 6:02 pm
by GAT
The idea is that the only binary that runs is the kernel. This makes it fast because it never has to call to run anything outside of itself. Since all software is written into the kernel I have complete control over it, meaning I can make it play nice together.

And I mean security as in from viruses and the like. Since it never runs anything outside of the kernel it can't get infected. I am targeting Dreckig OS at embedded systems and e-appliances, so once I get network drivers &c. running it can use the web with no risk.

More info:
http://www.osnews.com/story/25463/Dreck ... hic_Kernel

Re: Dreckig OS

Posted: Thu Apr 05, 2012 3:03 am
by Combuster
it can use the web with no risk
And only one bug will be needed to own the device :wink:...

Re: Dreckig OS

Posted: Thu Apr 05, 2012 4:41 am
by invalid
GAT wrote:it can't get infected
Everything can be hacked. What you mean is, perhaps: "Nobody will care enough to try and hack me" :)

Re: Dreckig OS

Posted: Thu Apr 05, 2012 6:46 am
by bluemoon
GAT wrote:it can't get infected
As long as you cannot detect it.

Re: Dreckig OS

Posted: Thu Apr 05, 2012 6:51 am
by brain
bluemoon wrote:
GAT wrote:it can't get infected
As long as you cannot detect it.
This needs to be rephrased to 'it can't get disinfected'.

If someone manages to hack the OS via an exploit and insert code into one of the binaries, there's no way to install an anti-virus or other antidote to fix it, apart from through you... It's there and it's staying there :)

Re: Dreckig OS

Posted: Thu Apr 05, 2012 1:48 pm
by DavidCooper
ydoom wrote:
GAT wrote:it can't get infected
Everything can be hacked. What you mean is, perhaps: "Nobody will care enough to try and hack me" :)
What about a machine running nothing more than a delay loop? Could that be hacked into? Maybe if the power disconnects and it reboots you could hack into it at that point, but if it has battery back up and never crashes, how would you hack your way in? If the answer to that is that you can't hack into it, then extend this example to make the computer do some real work, and keep extending it little by little until it's able to browse the Web while still being impossible to hack into.

Running everything in kernel mode is exactly what I do, and at some stage the only additional software that will be allowed to run in my OS will have been written by A.I. in the OS, leaving no route open for anyone to get their malicious code run in the machine (unless it's built into the BIOS from the outset).

Re: Dreckig OS

Posted: Thu Apr 05, 2012 4:25 pm
by gerryg400
then extend this example to make the computer do some real work, and keep extending it little by little until it's able to browse the Web while still being impossible to hack into.
Why not extend it until it has the 'intelligence' of my 12 year old son? Then see how easy it is to convince it to install malware and destroy itself.

Re: Dreckig OS

Posted: Thu Apr 05, 2012 4:34 pm
by GAT
My entire operating system is the kernel, which is one file. It only runs software inside of itself, so even if someone wrote a virus for it they would have to write the virus into the kernel and recompile it. This makes it so a virus can't simply be installed in Dreckig OS.

Re: Dreckig OS

Posted: Thu Apr 05, 2012 6:02 pm
by bubach
The point people here are trying to make is that it's only "safe" until you connect it to the outside world. With an Internet connection, people could send raw packets and do all kinds of trickery to find bugs in your system. As long as you're not running the browser part in ring 3 with limited access to the rest of your system, it doesn't matter if the browser is part of your kernel or a separate program - a hacker will get ring 0 access to your CPU.

Re: Dreckig OS

Posted: Thu Apr 05, 2012 8:03 pm
by DavidCooper
gerryg400 wrote:
then extend this example to make the computer do some real work, and keep extending it little by little until it's able to browse the Web while still being impossible to hack into.
Why not extend it until it has the 'intelligence' of my 12 year old son? Then see how easy it is to convince it to install malware and destroy itself.
Have you managed to convince your son to install malware into himself which will destroy him? It is actually possible to do it with humans, using viruses such as religions [don't take that as an attack on all religions - I'm leaving the possibility there that one of them's the real deal, but however you see it the rest are clearly viruses].
bubach wrote:With an Internet connection, people could send raw packets and do all kinds of trickery to find bugs in your system.
Clearly it's risky in a system that could contain bugs, so unless you have a system that can eliminate all bugs, it makes sense to use the available protection features. The main problem with browsing the Web with a human-designed system that's supposed to be completely safe would be that you'd have difficulty running any scripts in the pages you're trying to view - the complexity involved immediately opens up oodles of possibilities for things to go wrong, so you'd really have to restrict yourself to viewing the source code of the pages instead of running the scripts. However, if you only ever need to access websites which don't do anything complicated, maybe it's viable. The most important thing is to leave the door open to adding in protection features later on if it turns out they're vital. Until your OS becomes popular, no one's going to waste time trying to hack into it anyway, so it really doesn't matter at this stage.

Re: Dreckig OS

Posted: Fri Apr 06, 2012 2:00 am
by Yoda
GAT wrote:if someone wrote a virus for it they would have to write the virus into the kernel and recompile it
The insertion of virus into kernel doesn't inevitably mean recompilation. It may be a patch with a jump to an added code.

Re: Dreckig OS

Posted: Fri Apr 06, 2012 2:04 am
by brain
Yoda wrote:
GAT wrote:if someone wrote a virus for it they would have to write the virus into the kernel and recompile it
The insertion of virus into kernel doesn't inevitably mean recompilation. It may be a patch with a jump to an added code.
Yes, and if that added code contains instructions to write to disk then it can make itself permanent. It can do this even if your fs is read-only, as it could just implement a basic disk driver within itself. It comes down to if someone really can be bothered, but don't underestimate a bored or interested cracker...
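
Added example, not part of the original thread and not Dreckig OS code: a per-block integrity check that shows how an in-place patch or appended code in a single-file kernel image can be detected and located. The block size, function names and sample images are assumptions made for illustration, and the check is assumed to run from a trusted place outside the kernel being measured (a build host or a read-only boot stage).

```python
import hashlib

BLOCK = 512  # assumed block size (one disk sector) for this sketch

def build_manifest(image: bytes, block: int = BLOCK) -> dict:
    """Record the length and one SHA-256 digest per block of a known-good image."""
    digests = [hashlib.sha256(image[i:i + block]).hexdigest()
               for i in range(0, len(image), block)]
    return {"length": len(image), "block": block, "digests": digests}

def verify_image(image: bytes, manifest: dict) -> list:
    """Compare an image with the manifest; an empty list means no change found."""
    findings = []
    block = manifest["block"]
    if len(image) != manifest["length"]:
        findings.append(("length", manifest["length"], len(image)))
    good = manifest["digests"]
    seen = build_manifest(image, block)["digests"]
    for idx in range(max(len(good), len(seen))):
        offset = idx * block
        if idx >= len(seen):
            findings.append(("missing", offset))    # image was truncated
        elif idx >= len(good):
            findings.append(("appended", offset))   # data beyond the original end
        elif seen[idx] != good[idx]:
            findings.append(("modified", offset))   # bytes changed in place
    return findings

# Constructed sample data: a 4096-byte stand-in for the single-file kernel.
GOOD = bytes((i * 7) % 251 for i in range(4096))
MANIFEST = build_manifest(GOOD)

# Constructed tampering: five bytes overwritten in place plus 64 bytes appended,
# the shape of the "patch with a jump to added code" described in the thread.
TAMPERED = bytearray(GOOD)
TAMPERED[1030:1035] = b"\xff" * 5
TAMPERED = bytes(TAMPERED) + b"\xcc" * 64

if __name__ == "__main__":
    print("clean image:   ", verify_image(GOOD, MANIFEST))
    print("tampered image:", verify_image(TAMPERED, MANIFEST))
```

A manifest stored where the running kernel can rewrite it gives no assurance, since code with ring 0 access could update the digests along with the image.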

Re: Dreckig OS

Posted: Fri Apr 06, 2012 2:51 am
by ACcurrent
We need to remember that this OS has an interpreter, so, so long as the interpreter can write to the file which stores dreckigOS's kernel it can cause damage. Also if everything is written on the same platform i.e. dreckig's VM, then you can exploit other programs running code.

Re: Dreckig OS

Posted: Fri Apr 06, 2012 10:44 am
by invalid
DavidCooper wrote:What about a machine running nothing more than a delay loop? Could that be hacked into? Maybe if the power disconnects and it reboots you could hack into it at that point, but if it has battery back up and never crashes, how would you hack your way in?
Yes, you're right - this would be improbable to hack remotely (you could as well ask how does one hack a stone). And yes, you nailed it - the attack surface in this case would be a bootstrap storage device, and perhaps the battery ;) But as soon as you start "adding instructions" (and make the machine do something actually), you also start adding risk, because:
- you haven't had time to foresee all situations
- different parts of program rely on each other (sometimes even trust blindly)
- everything is always put in some context (let it be hardware context, for example), introducing even more of The Unknown

Think about how you can hack a pizza delivery system by ordering pizzas from all around the city to your victim. Now please, start from "pizzaman doing nothing, without a phone, and just sitting", and extend it "step by step" to a "safe" system.

IMHO that's a macro scale manifestation of the second law of thermodynamics, but I can't explain how :)