On Fri, Sep 14, 2018 at 9:36 PM Andrew Warkentin <andreww591@gmail.com> wrote:


On Fri, Sep 14, 2018, 7:22 PM John <john.r.moser@gmail.com> wrote:


It doesn't have to run at Ring-0 you know.  Think about if you loaded a malicious network card driver into L4.

No L4 kernel I'm aware of has any facility for loading drivers into the kernel. Drivers on L4 OSes are either regular processes that are allowed limited hardware access or are libraries loaded into such processes. From what it sounds like, you are wanting to run all privileged services in the same address space and hardware privilege level, relying solely on the CLR to enforce protection domains, which would be less secure than a formally verified microkernel using hardware protection.

Those processes with limited hardware access are able to do funny things.

The process that manages virtual memory, for example, can get into the memory space of any process running on the system.  It crosses all security boundaries.

If you load a rogue VFS driver, it can take over all file system access, injecting code into software and crossing all security boundaries.

Your Ring-3 process scheduler isn't some user process like init or X11; it's an OS service running at a high privilege level, able to manipulate how the system runs.

A malicious ring-3 microkernel networking service can eavesdrop and MITM everything going through networking.  It's a packet sniffer, dumper, and network scanner running in a place with high amounts of control.

Yes, they have different virtual address spaces, they have Ring-3 execution level, and they function as part of the operating system software instead of the userland.  They don't load through the POSIX ABI and make mundane calls; they PROVIDE the POSIX ABI.

So imagine if you loaded a malicious network card driver into L4.  It's running Ring-3, it's passing IPC messages to the L4 kernel and to the TCP stack, it has its own memory space, and it's tampering with your connection and sending copies of bank data to a command and control server in Russia.
 
_______________________________________________
l4-hackers mailing list
l4-hackers@os.inf.tu-dresden.de
http://os.inf.tu-dresden.de/mailman/listinfo/l4-hackers
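The disagreement above is really about the reach of each protection domain: which assets a compromised ring-3 service can touch given only the capabilities it holds. The following is an added example, not code from this thread or from any L4 kernel, that models that question as a small reachability computation. The component names, assets, capability sets and the IOMMU switch are assumptions chosen to mirror the discussion (a pager that can map every address space, a NIC driver that holds only its device and sits in the frame path, a VFS that serves executables to other processes).

```python
"""Toy threat model: which assets does a compromised component reach, given the
capabilities it holds?  Constructed example for the protection-domain argument on
the l4-hackers thread; component names, assets and capability sets are assumptions,
not a description of any real L4 system."""

from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    name: str
    # Assets that pass through this component in the clear (it can read/alter them).
    in_path: frozenset = frozenset()
    # Address spaces it holds capabilities to map; "*" means every address space
    # (the kernel itself and the pager/memory manager in this model).
    can_map: frozenset = frozenset()
    # Components whose executables it serves (a rogue VFS can inject code into them).
    serves_code_to: frozenset = frozenset()
    # Programs a bus-mastering device: without an IOMMU its DMA reaches all of RAM.
    bus_master: bool = False


def make_system() -> dict:
    """Hypothetical L4-style system in which every service is a ring-3 process."""
    comps = [
        Component("kernel", can_map=frozenset({"*"})),
        Component("pager", can_map=frozenset({"*"})),
        Component("nic_driver", in_path=frozenset({"net_frames"}), bus_master=True),
        Component("tcp_stack", in_path=frozenset({"net_frames", "socket_payload"})),
        Component("vfs", in_path=frozenset({"file_data"}),
                  serves_code_to=frozenset({"bank_client", "editor"})),
        Component("bank_client", in_path=frozenset({"socket_payload", "bank_credentials"})),
        Component("editor", in_path=frozenset({"file_data", "documents"})),
    ]
    return {c.name: c for c in comps}


def all_assets(system: dict) -> frozenset:
    """Every asset known to the model (what a monolithic kernel compromise exposes)."""
    return frozenset().union(*(c.in_path for c in system.values()))


def exposure(system: dict, compromised: str, iommu: bool = True) -> frozenset:
    """Assets reachable from one compromised component.

    A component that can map another's address space, or that supplies its code,
    is treated as owning that component as well, so the search follows those edges
    transitively.  A capability to the device's own MMIO/DMA region does not extend
    the reach unless DMA is unconstrained (iommu=False).
    """
    owned, queue = set(), deque([compromised])
    while queue:
        name = queue.popleft()
        if name in owned:
            continue
        owned.add(name)
        c = system[name]
        reach = set(c.can_map) | set(c.serves_code_to)
        if c.bus_master and not iommu:
            reach.add("*")          # unconstrained DMA: every address space is mappable
        if "*" in reach:
            reach = set(system)
        queue.extend(n for n in reach if n in system and n not in owned)
    return frozenset().union(*(system[n].in_path for n in owned))


if __name__ == "__main__":
    system = make_system()
    print(f"{'compromised':<12} {'with IOMMU':<45} without IOMMU")
    for name in system:
        with_iommu = sorted(exposure(system, name))
        no_iommu = sorted(exposure(system, name, iommu=False))
        print(f"{name:<12} {', '.join(with_iommu):<45} {', '.join(no_iommu)}")
    print("monolithic (any component):", sorted(all_assets(system)))
```

Running it shows the shape of both sides' claims: the pager, like the kernel, reaches every asset, and the VFS reaches the data of every process it loads code for; the NIC driver reaches only the frames in its path as long as the IOMMU confines its DMA, and reaches everything once that assumption is dropped. The model is deliberately coarse (it ignores, for instance, whether the payload in those frames is encrypted above the driver), but it is the kind of per-component reach you want to write down before deciding which services are "just ring-3 processes".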