I have never dug into low-level things like CPU architectures, etc., and decided to give it a try when I learned about cpu.land.

I was already aware of the existence of user and kernel mode, but while I was reading the site it came to me: “I can still harm my system with userland programs, so what does it mean to switch to user mode for almost everything other than the kernel and drivers?” Also, we can still do many things with syscalls, so what is it that is stopping us (assuming we want to harm the system, of course) from damaging our system?

[edit1]: grammar mistakes

  • jarfil@beehaw.org
    1 year ago

    On x86, there are actually 4 ring levels (0 to 3), but only two (0 and 3) are used for everything. On modern hardware there are also virtualization, service, and remote management rings, sometimes referred to as -1, -2 and -3.

    what is it that is stopping us (assuming we want to harm the system, of course) from damaging our system

    Some CPU instructions only work at a certain ring level or lower. For example, changing memory mappings can only be done from ring 0 or below, so a userland program running in ring 3 that would try to access some other program’s memory will get a “forbidden instruction” exception, that would escalate to the kernel’s handler, and it could decide to kill the “malicious program”. There are also many interrupts a ring 0 program/kernel can set, to intercept different program behaviors and handle them as it sees fit (allow, modify, redirect, block, log, etc.).

    In order to “harm your system”, as in wreak havoc with other programs, you need to either use a kernel function in some way, or get your code to execute at ring 0 (privilege escalation).

    If you mean “harm your system” as in actual hardware, some drivers might allow you to overclock something, turn fans off, and end up with your GPU melting… but that would be a protection failure from the driver/hardware (hardware itself can have anti-overheat protections).
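
The ring check described in the comment above can be observed directly. This is an added example, not part of the thread: it assumes Linux on x86 with GCC or Clang inline assembly, and `child_fate` is a hypothetical helper name. A child process executes `hlt`, which is only legal in ring 0; the CPU raises a general protection fault and the kernel ends the process with SIGSEGV, while a child running a plain `nop` exits normally.

```c
/* Added illustration (not from the thread): run one instruction in a child
 * process and report how the kernel ended it. Assumes Linux on x86. */
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define UNSUPPORTED_ARCH (-2)

/* Returns 0 if the child exited normally, the signal number if the kernel
 * killed it, -1 on fork/wait failure, UNSUPPORTED_ARCH off x86. */
int child_fate(int privileged)
{
#if defined(__x86_64__) || defined(__i386__)
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        struct rlimit no_core = {0, 0};
        setrlimit(RLIMIT_CORE, &no_core);   /* no core file for the demo */
        if (privileged)
            __asm__ volatile("hlt");        /* ring-0-only instruction */
        else
            __asm__ volatile("nop");        /* allowed at any ring */
        _exit(0);                           /* reached only if no fault */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);            /* kernel's fault handler acted */
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
#else
    (void)privileged;
    return UNSUPPORTED_ARCH;
#endif
}

int main(void)
{
    printf("nop: %d, hlt: %d (SIGSEGV is %d)\n",
           child_fate(0), child_fate(1), SIGSEGV);
    return 0;
}
```

Only the child is affected: the parent keeps running and simply reads the child's termination status.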