Intel 253668-032US Webcam User Manual


 
5-38 Vol. 3
PROTECTION
Now assume that instead of setting the RPL of the segment selector to 3, the appli-
cation program sets the RPL to 0 (segment selector D2). The operating system can
now access data segment D, because its CPL and the RPL of segment selector D2 are
both equal to the DPL of data segment D.
Because the application program is able to change the RPL of a segment selector to
any value, it can potentially use a procedure operating at a numerically lower privi-
lege level to access a protected data structure. This ability to lower the RPL of a
segment selector breaches the processor’s protection mechanism.
Because a called procedure cannot rely on the calling procedure to set the RPL
correctly, operating-system procedures (executing at numerically lower privilege-
levels) that receive segment selectors from numerically higher privilege-level proce
-
dures need to test the RPL of the segment selector to determine if it is at the appro-
priate level. The ARPL (adjust requested privilege level) instruction is provided for
this purpose. This instruction adjusts the RPL of one segment selector to match that
of another segment selector.
Figure 5-15. Use of RPL to Weaken Privilege Level of Called Procedure
Passed as a
parameter on
the stack.
Access
allowed
Access
allowed
Application Program
Operating
System
Lowest Privilege
Highest Privilege
3
2
1
0
Data
Segment D
not
Segment Sel. D1
RPL=3
Segment Sel. D2
RPL=0
Gate Selector B
RPL=3
Code
Segment A
CPL=3
Code
Segment C
DPL=0
Call
Gate B
DPL=3
DPL=0