[Repost] The difference between RPL and DPL, and why RPL is necessary

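This article explains the concepts related to RPL and what they are for. The x86 segmentation architecture has three privilege concepts: CPL, DPL and RPL. When a lower-privileged process calls a higher-privileged process, RPL is used to temporarily lower the privilege of the called process, so that the lower-privileged process cannot trick the higher-privileged process into accessing higher-privileged data segments. This solves the privilege escalation problem.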


Reposted from https://iambvk.wordpress.com/2007/10/10/notes-on-cpl-dpl-and-rpl-terms/

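This article nicely cleared up my confusion about RPL. In brief, RPL exists so that when a lower-privileged process L calls a higher-privileged process H (for example, through a system call), the privilege of the called higher-privileged process H is temporarily lowered, to prevent L from tricking H into accessing data segments with a higher privilege than L. The technical term is avoiding Privilege Escalation.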

The original text follows, with some formatting changes for readability.

Notes on CPL, DPL and RPL terms

The x86 segmentation architecture uses three privilege concepts.

  • CPL – Current Privilege Level

    This is the privilege level of the currently executing code. The two low-order bits of the CS register hold the CPL.

    Inter-segment calls and jumps, external interrupts, exceptions, task switches and similar operations can change the contents of the CS register and thus the privilege of the currently executing code.

  • DPL – Descriptor Privilege Level

    All 8-byte descriptors that define segments (code, data, stack, etc.) have two bits reserved for specifying a privilege level for that segment. This is known as the DPL.

    The DPL bits specify the minimum (or sometimes maximum) privilege required for using (i.e., executing, reading or writing) that segment's contents.

  • RPL – Requested Privilege Level

    These are the two low-order bits of the selectors loaded into the DS, ES, SS, FS and GS registers. The RPL field is used to harden the CPL when higher-privileged code is servicing lower-privileged processes' requests.

How does RPL help solve the privilege escalation problem?

Assume a higher-privileged device driver that supports a mechanism by which it can copy data from disks directly into lower-privileged processes' data segments. Lower-privileged processes must pass their data-segment details (selector, address and size of the data to copy) to the device driver so that it can copy the data into the appropriate location.

Since the device driver is higher-privileged, a lower-privileged process can trick the driver into copying data into high-privileged data segments simply by passing a wrong selector value. This kind of exploit is called privilege escalation.

Continuing the above example, whenever the device driver loads the destination segment, it modifies the RPL of the destination segment's selector to match the requestor (lower-privileged) process. Privilege levels are compared numerically, with 0 being the most privileged. Since the protection rules for data segments check both the CPL <= DPL and RPL <= DPL conditions, the higher-privileged process gets a protection fault on the RPL <= DPL check.

The point to note is that higher-privileged code, when it is providing services to lower-privileged processes, should temporarily reduce its privilege to the requestor's privilege level.
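The data-segment check described above, modelled in C as an added example (not code from the original post). The descriptor table, the selector values and the names `data_load_allowed` and `adjust_rpl` are constructed for illustration; only the DPL of each segment is modelled.

```c
#include <stdint.h>
#include <stdio.h>

/* Selector layout: index[15:3] | TI[2] | RPL[1:0]. */
#define SEL(index, rpl) ((uint16_t)(((index) << 3) | ((rpl) & 3)))
#define SEL_RPL(sel)    ((unsigned)((sel) & 3))
#define SEL_INDEX(sel)  ((unsigned)((sel) >> 3))

/* Constructed descriptor table: DPL of each data segment. */
static const unsigned gdt_dpl[] = {
    0, /* index 0: null descriptor (never loadable in this model) */
    0, /* index 1: kernel data segment, DPL 0 */
    3, /* index 2: user data segment, DPL 3 */
};
#define GDT_ENTRIES (sizeof gdt_dpl / sizeof gdt_dpl[0])

/* Check from the text: CPL <= DPL and RPL <= DPL.
 * Returns 1 if the load is allowed, 0 for a protection fault. */
int data_load_allowed(unsigned cpl, uint16_t sel)
{
    unsigned idx = SEL_INDEX(sel);
    if (idx == 0 || idx >= GDT_ENTRIES)
        return 0;
    return cpl <= gdt_dpl[idx] && SEL_RPL(sel) <= gdt_dpl[idx];
}

/* Raise the selector's RPL to the requestor's level when it is numerically
 * lower; this is the adjustment the x86 ARPL instruction performs. */
uint16_t adjust_rpl(uint16_t sel, unsigned requestor_cpl)
{
    if (SEL_RPL(sel) < (requestor_cpl & 3))
        sel = (uint16_t)((sel & ~3u) | (requestor_cpl & 3));
    return sel;
}

int main(void)
{
    unsigned driver_cpl = 0, caller_cpl = 3;
    uint16_t forged = SEL(1, 0); /* ring-3 caller names the kernel segment */
    uint16_t honest = SEL(2, 3); /* caller's own data segment */

    printf("forged, RPL untouched: %d\n", data_load_allowed(driver_cpl, forged));
    printf("forged, RPL adjusted:  %d\n",
           data_load_allowed(driver_cpl, adjust_rpl(forged, caller_cpl)));
    printf("honest, RPL adjusted:  %d\n",
           data_load_allowed(driver_cpl, adjust_rpl(honest, caller_cpl)));
    return 0;
}
```

Without the adjustment the ring-0 driver passes both checks on the forged selector; after it, the RPL <= DPL check fails while the caller's own segment still loads.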

This entry was written by iambvk, posted on October 10, 2007 at 3:05 am, filed under operating systems.
