X-Hacker.org - iAPx86 - Norton Guide http://www.X-Hacker.org

Privilege and protection (protected mode operation)

    Privilege and protection are a means of controlling access to
    code and to data. They maintain both the security of the system
    and the integrity of the information. Privilege and protection
    became a necessity of programming life when the concept of
    multiple users or multiple uses became a reality.

    
    Privilege
    The concept of privilege is central to several facets of
    protection. Applied to procedures, privilege is the degree to
    which the procedure can be trusted not to make a mistake that
    might affect other procedures or data. Applied to data, privilege
    is the degree of protection that a data structure should have from
    less trusted procedures.


    Privilege levels and rules
    The 80286+ uses 4 levels of protection to optimize support of
    multitasking. Privilege is implemented by assigning a value from 0
    to 3 to key objects which are recognized by the processor. This
    value is called the privilege level (level 0 is the most
    privileged, level 3 is the least privileged). The key items that
    the processor recognizes are as follows:

        DPL     Descriptor Privilege Level
                Descriptors contain a field called the DPL. This is
                the least privilege that a task must have to access
                the descriptor.

        RPL     Requester Privilege Level
                The RPL represents the privilege level requested by
                the procedure that originates a selector.

        CPL     Current Privilege Level
                Generally, the CPL is equal to the segment DPL of the
                code segment that the processor is currently executing.
                CPL changes when control transfers to segments with
                differing DPLs.


    Privilege   Typical use
      level
        0       Kernel, operating system             (most privileged)
        1       System services
        2       Custom extensions (OEM software)
        3       Applications                         (least privileged)

    The 80286+ automatically verifies a procedure's right to access
    another segment by comparing the procedure's CPL to one or more
    other privilege levels. This verification occurs at the time a
    descriptor selector is loaded into a segment register.
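
    The check described above, as an added example that is not part
    of the original guide. It assumes the architectural rules for
    data-segment and stack-segment loads and the usual field
    positions (RPL in selector bits 1..0, DPL in bits 6..5 of the
    descriptor access-rights byte), which this page does not spell
    out; the function names and sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Selector: bits 15..3 index, bit 2 table indicator, bits 1..0 RPL. */
static unsigned sel_rpl(uint16_t sel)   { return sel & 3u; }
static unsigned sel_index(uint16_t sel) { return sel >> 3; }

/* Descriptor access-rights byte: bit 7 present, bits 6..5 DPL. */
static unsigned ar_dpl(uint8_t ar) { return (ar >> 5) & 3u; }

/* Loading DS or ES: the less privileged of CPL and RPL must still be
   at least as privileged as the descriptor, i.e. max(CPL, RPL) <= DPL. */
int may_load_data(unsigned cpl, uint16_t sel, uint8_t ar)
{
    unsigned rpl = sel_rpl(sel);
    unsigned effective = cpl > rpl ? cpl : rpl; /* larger number = less trusted */
    return effective <= ar_dpl(ar);
}

/* Loading SS is stricter: RPL and DPL must both equal CPL. */
int may_load_stack(unsigned cpl, uint16_t sel, uint8_t ar)
{
    return sel_rpl(sel) == cpl && ar_dpl(ar) == cpl;
}

int main(void)
{
    /* Constructed sample values, not taken from the guide. */
    struct { unsigned cpl; uint16_t sel; uint8_t ar; } t[] = {
        { 3, 0x0023, 0xF2 }, /* application loads its own DPL 3 data */
        { 3, 0x0008, 0x92 }, /* application tries to load DPL 0 data */
        { 0, 0x0008, 0x92 }, /* kernel loads DPL 0 data              */
        { 0, 0x000B, 0x92 }, /* kernel handed a selector with RPL 3  */
    };
    for (size_t i = 0; i < sizeof t / sizeof t[0]; i++)
        printf("CPL=%u index=%u RPL=%u DPL=%u  data:%s stack:%s\n",
               t[i].cpl, sel_index(t[i].sel), sel_rpl(t[i].sel),
               ar_dpl(t[i].ar),
               may_load_data(t[i].cpl, t[i].sel, t[i].ar) ? "ok" : "fault",
               may_load_stack(t[i].cpl, t[i].sel, t[i].ar) ? "ok" : "fault");
    return 0;
}
```

    The last row is the case RPL exists for: a level 0 procedure
    that uses a selector originated by level 3 code is checked as if
    it were level 3, so it cannot be tricked into touching DPL 0 data
    on the caller's behalf.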

See Also: Multitasking Descriptors Selectors

Online resources provided by: http://www.X-Hacker.org --- NG 2 HTML conversion by Dave Pearson