On Sun, Feb 7, 2010 at 02:56, oiaohm <wineforum-user@xxxxxxxxxx> wrote: > Gert van den Berg. Ring 0 by default has io permissions. > > IOPL is a independent value to rings. To be correct it assigns what IO permission rings has. Basically from ring 0-3 call can be assigned IO permissions if you want. Even that they have related kinds of numbers. And that it is assigned to the ring running the application for it to work. > > http://wiki.osdev.org/Security#I.2FO_Privilege_Level > (My assembler books are a few hundred km's away and the Intel documentation is spread between 10's of PDFs...) Ah, ok, so it looks like the IOPL is a flag value determining for which rings the port permissions (settable with ioperm on Linux) is checked? > Now issue here we really don't want to have to grant this to anything non native. Even granting this to X11 risks big problems. > Direct I/O is dangerous.... (Even when ignoring the problems that multitasking causes...) Which is why I started my first reply with a rant on ehy it should never be done... > Really is a last resort option to enable iopl since it grants way too much access and can cause the kernel to die. ioperm maybe. But it can also have bad effects. > ioperm with all ports aren't much better.... > Also any code using ioperm or iopl is Linux only. Must always be kept in mind that it is such. I was under the impression that BSD also have a iopl call, but it seems that I am wrong...