From: Richard Braun
Newsgroups: gnu.hurd.help
Subject: Re: Combining Hurd and Qubes OS for security reasons? Possible?
Date: Tue, 22 Dec 2015 16:59:35 +0100
To: Samuel Thibault
Cc: help-hurd@gnu.org, David Renz

On Sat, Dec 19, 2015 at 11:28:43PM +0100, Samuel Thibault wrote:
> It will most probably be resistant to windows- and linux-oriented
> rootkits, since the implementation is different. If there are flaws in
> the ACPI implementation of GNU Mach, there are probably ways to rootkit
> it. GNU Mach however currently uses ACPI only for shutting the system
> down, so the exposure is low. We'd however need it to eventually work
> with multicore processors.

The only part of ACPI really needed for SMP is the table that replaces
the MP Spec. See X15 [1] for an example. I highly doubt it would lead
to code execution. Those blobs mostly come from non-architectural
devices.

-- 
Richard Braun

[1] http://git.sceen.net/rbraun/x15.git/blob/HEAD:/arch/x86/machine/acpimp.c
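
Added example, not part of the message above and not code from X15 or GNU Mach: a bounds-checked walk of the ACPI table that superseded the MP Spec tables for CPU enumeration, the MADT (signature "APIC"). It shows that SMP bring-up only needs to read fixed-layout records, with no AML bytecode interpreted. The function names and the sample table are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define MADT_ENTRIES 44u  /* 36-byte table header + local APIC address + flags */
static uint8_t sample_buf[128], cpu_ids[8];  /* scratch buffers for the sample */

/* Collect APIC IDs of enabled CPUs (at most max of them).
 * Returns the number stored, or -1 if the table is malformed. */
int madt_cpus(const uint8_t *t, size_t avail, uint8_t *ids, int max) {
    if (avail < MADT_ENTRIES || memcmp(t, "APIC", 4) != 0) return -1;
    uint32_t len = t[4] | (uint32_t)t[5] << 8 | (uint32_t)t[6] << 16 | (uint32_t)t[7] << 24;
    if (len < MADT_ENTRIES || len > avail) return -1;   /* never trust the length field */
    uint8_t sum = 0;
    for (uint32_t i = 0; i < len; i++) sum += t[i];
    if (sum != 0) return -1;                            /* all bytes must sum to 0 mod 256 */
    int n = 0;
    for (uint32_t off = MADT_ENTRIES; off < len; ) {
        if (len - off < 2 || t[off + 1] < 2 || t[off + 1] > len - off) return -1;
        uint8_t type = t[off], elen = t[off + 1];
        if (type == 0) {                                /* Processor Local APIC record */
            if (elen < 8) return -1;
            if ((t[off + 4] & 1) && n < max) ids[n++] = t[off + 3];  /* flags bit 0: enabled */
        }
        off += elen;                                    /* other record types are skipped */
    }
    return n;
}

/* Constructed sample table: three CPU records (one disabled) and one I/O APIC. */
size_t madt_sample(uint8_t *buf) {
    static const uint8_t entries[] = {
        0, 8, 0, 0, 1, 0, 0, 0,                         /* UID 0, APIC ID 0, enabled  */
        0, 8, 1, 2, 1, 0, 0, 0,                         /* UID 1, APIC ID 2, enabled  */
        0, 8, 2, 4, 0, 0, 0, 0,                         /* UID 2, APIC ID 4, disabled */
        1, 12, 0, 0, 0, 0, 0xc0, 0xfe, 0, 0, 0, 0,      /* I/O APIC at 0xfec00000     */
    };
    size_t len = MADT_ENTRIES + sizeof entries;
    memset(buf, 0, len);
    memcpy(buf, "APIC", 4);
    buf[4] = (uint8_t)len;                              /* length field, little-endian */
    memcpy(buf + MADT_ENTRIES, entries, sizeof entries);
    uint8_t sum = 0;
    for (size_t i = 0; i < len; i++) sum += buf[i];
    buf[9] = (uint8_t)(0 - sum);                        /* checksum byte at offset 9 */
    return len;
}

int main(void) {
    return madt_cpus(sample_buf, madt_sample(sample_buf), cpu_ids, 8) == 2 ? 0 : 1;
}
```

The length checks are the part that matters for firmware-supplied data: every record length is validated against the remaining table before any field is read.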