
I was thinking they could treat software and components like we do when granting third-parties permission to access our Twitter/Facebook accounts:

Plasma Shield Generator requests the following permissions:

  * Read/write to the ship's log
  * Draw power from the core
  * Use the red alert system
Plasma Shield Generator will not:

  * Access communication protocols



It doesn't even indicate protected memory segments. You should be able to implement traditional buffer overflows and self-modifying assembly on this processor (that is, you can write to your instructions as if they were any other type of memory).

Here is an analogy: what you are talking about is secure walls with a lockable door; what you have in this chip is some wood, a saw, some nails and a hammer.


It's 128KB of RAM; that's the same as the original Macintosh in 1984. I would be surprised if it ran at more than about 10MHz. And never mind the constrained resources for implementing any of this hypothetical infrastructure: unless Notch adds an MMU, you can't enforce permissions.

You can't think about this in modern terms. It's not a modern computer. It's a 1980s computer, and it's supposed to run a spaceship. Think microcontrollers, not smartphones or set-top boxes.


Couldn't the permission system exist outside of the constraints of the in-game computer (as just some game mechanism)? If each of the ship's discrete components were accessible at some address, couldn't the game enforce the permissions at a level above the simulated CPU?

A rough static analysis of the code might reveal where those components are accessed, and as long as you enforce permissions while the software runs then you should be able to catch anything that tries to slip past.


Someone could write an out-of-game emulator[1] which people could use to test software.

[1] I have no idea what the correct terminology is here.


Go back and look at the first post in this very thread. Notch explicitly intends nothing of the kind, and I certainly can't see why it would be done -- it runs counter to the vision thus far articulated.


I know he said that. I'm following the conversation. I'm just describing an idea for a permission system.


It should be possible to provide programs as "data" that is interpreted by the program "running" on Notch's CPU, thus allowing fine-grained, whitelisted permissions even without an MMU. No?


Depends on how it's structured, doesn't it? It's entirely possible that programs and data will share the same memory with no sandboxing between programs. In that case, without some sort of MMU a virus could just inject code into an otherwise benign program.

Even with finer program access controls, it would still be hard to protect as long as untrusted code was allowed to alter trusted code.


You don't understand what I'm proposing. If you want to put it in terms of sandboxing, what I am proposing is a sandbox.


You would have to abstract the CPU in some way and then write the permissions management in software as part of the interpreter. Bear in mind that this is already only a 16-bit CPU with a restricted address space.


You would have to abstract the CPU in some way and then write the permissions management in software as part of the interpreter.

Yes, that's what I said. :)

Bear in mind that this is already only a 16-bit CPU with a restricted address space.

I suspect the interpreter could be made to fit, with limited space left for the untrusted (to-be-interpreted) code. As has been pointed out elsewhere, though, if there is a backing store (i.e., simulated hard drive), it's probably possible to have effectively unlimited "RAM" in the game in practice, unless Notch implements a slowdown for accessing the backing store.
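A software sandbox along the lines discussed in this exchange, as an added example that is not code from the thread, from Notch's game or from the DCPU-16: a small interpreter that keeps the program in ordinary RAM with no MMU, gates every memory access against the permission list the program declared, and refuses writes into program text. The bytecode, the device addresses from 0xF000 up, the permission names and the sample programs are all constructed for illustration.

```python
DEVICES = {0xF000: "log", 0xF001: "power", 0xF002: "alert", 0xF003: "comms"}
HALT, LOADI, LOAD, STORE, JMP = range(5)   # each instruction is 3 words: op, a, b

class SandboxVM:
    """Interprets a program held in ordinary RAM, enforcing a whitelist in software."""
    def __init__(self, program, perms, mem_words=0x10000):
        # Flat 16-bit address space: code and data share the same RAM, no MMU.
        self.mem = list(program) + [0] * (mem_words - len(program))
        self.code_end = len(program)          # words below this are program text
        self.perms = frozenset(perms)         # permissions the program declared
        self.regs, self.pc = [0] * 8, 0
    def _access(self, addr, write):
        # Every memory touch passes here: device whitelist plus code-region guard.
        addr &= 0xFFFF
        dev = DEVICES.get(addr)
        if dev is not None and dev not in self.perms:
            raise PermissionError(f"{'write' if write else 'read'} of {dev} device at {addr:#06x}")
        if write and addr < self.code_end:
            raise PermissionError(f"write into program text at {addr:#06x}")
        return addr
    def step(self):
        op, a, b = (self.mem[(self.pc + i) & 0xFFFF] for i in range(3))
        self.pc = (self.pc + 3) & 0xFFFF
        if op == HALT:
            return False
        if op == LOADI:
            self.regs[a] = b & 0xFFFF
        elif op == LOAD:
            self.regs[a] = self.mem[self._access(b, False)]
        elif op == STORE:
            self.mem[self._access(a, True)] = self.regs[b]
        elif op == JMP:
            self.pc = a & 0xFFFF
        else:
            raise ValueError(f"bad opcode {op}")
        return True
    def run(self, max_steps=1000):
        # The step budget stands in for the limited CPU time the ship would have.
        for _ in range(max_steps):
            if not self.step():
                return "halt"
        return "timeout"

def run_program(program, perms):
    # Run under a declared permission set; returns (status, detail).
    try:
        return SandboxVM(program, perms).run(), ""
    except PermissionError as exc:
        return "denied", str(exc)

SHIELD = [LOADI, 0, 1, STORE, 0xF001, 0, STORE, 0xF002, 0, HALT, 0, 0]  # constructed: power + alert
SHIELD_COMMS = SHIELD[:9] + [STORE, 0xF003, 0, HALT, 0, 0]   # also touches comms
SELF_MODIFY = [LOADI, 0, 0, STORE, 0x0000, 0, HALT, 0, 0]    # overwrites its own text
SPIN = [JMP, 0, 0]                                           # never halts
```

Running SHIELD with {"power", "alert"} halts normally, while SHIELD_COMMS under the same set, or SELF_MODIFY under any set, is stopped at the offending store with a message naming the device or the code region.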


True, but your CPU is limited too, so having to lex and parse source files and walk syntax trees to run programs could be a bottleneck there; if you remember old computers, there was a significant performance gap between native and interpreted code.

In practice that might not matter for many applications if they do not have to use intensive algorithms etc.

I would still imagine that compilers would be used more than interpreters, though, which would mean that some security would need to be present at the "hardware" or "firmware" level.

Another interesting thing to think about regards backing stores:

I assume that the programs will be able to take input from the world around them, i.e. other ships, objects in space, etc.

So what's to stop you from using (perhaps) a tractor beam to re-organise the position of asteroids in space and then "read" that data back using ship instrumentation?

Potentially the entire universe becomes one big DB!


Wow, now that is a very cool idea! I'm really looking forward to the game.

