Information on implementing L4

John john.r.moser at
Sat Sep 15 03:22:21 CEST 2018

On Fri, Sep 14, 2018 at 9:05 PM Andrew Warkentin <andreww591 at> wrote:

> On 9/14/18, Paul Boddie <paul at> wrote:
> On 9/14/18, John <john.r.moser at> wrote:
> >
> > The Kernel-CLR runtime is basically a fancy privileged service loader, and
> > doesn't run userspace applications.  Basically, if you can load a driver,
> > you can get Kernel-CLR to process arbitrary input.
> >
> Then you effectively have a monolithic kernel, not a microkernel, if
> you have a kernel module loader and drivers run in the kernel's
> context rather than as normal processes. The whole point of a
> microkernel is to make an OS that's extensible through normal
> processes. A kernel module loader greatly increases the attack
> surface, even if you are using language features to protect kernel
> modules from one another (as a few people here have said,
> hardware-based protection is generally more robust than language-based
> protection).

It doesn't have to run at Ring-0 you know.  Think about if you loaded a
malicious network card driver into L4.
