I think for now I’ll say —
If you believe a more authentic DoD can be created, I agree and I’ll be its first fan. I’m at the point where I think — if it’s worth being pointed out then it’s worth implementing. Bring it!!
Not with that attitude it can't.
I like the idea of using the attached screen to scroll logs / show stats. My next server build has a 9" touchscreen on the front panel, and I'm looking for ideas on what (&how) to show there.
DOS on Dope: The last MVC web framework you'll ever need (2010) - https://news.ycombinator.com/item?id=38706483 - Dec 2023 (18 comments)
("Run macOS, Windows and more via a single Nix command, or simple nixosModules", aka, declarative DOS VM images)
There are separate CPU instructions for "near" and "far" jump/call/return, and if all code fits into a single 64K segment ("small model"), there would be no need to ever have the "far" version of these instructions in your code. So if for example a return address or function pointer were overwritten, there would still be no way for an attacker to execute data, since it is in a different segment and all control transfer would be limited to the current code segment.
A lot of the more modern software included in FreeDOS is compiled with GCC and uses a flat 32-bit address space, so it doesn't have that protection. Most of it is command line utilities ported from UNIX-like systems, with even the most trivial of them being more than 100K in file size - IMO this goes very much against the "spirit" of DOS!
It should be possible to modify the compiler and runtime library to use separate segments for code and data. Since there is no size limit in 32-bit mode, there would be no need for far pointers, just two separate address spaces. Of course the UNIX and RISC zealots don't like this because it isn't portable to every other CPU, as if that matters somehow.
Enabling page-based DEP would also be theoretically possible, but require even more effort, I think. And for what purpose?
Since it was including the word "seriously", I thought maybe I should just ask about it for sure. It's not really fun if it's a simple web page hosted on FreeDOS one fine day, a hacked BIOS another.
I got it, it's a fun project made for fun, but still, security is always something to think about.
I learned it the hard way from my childhood SOCKS 5 proxy experiment where I tested a SOCKS 5 proxy on public network. Long story short, within 2 days of running it, one guy discovered the port via scanning, proxied it to login to my ISP account without a password (that's how the ISP set it up), and then stole all the funds in it by purchasing value add-on services for himself. It was a seemingly an all harmless and fun experiment until that happened.
My point it, if the OS don't support such basic security feature (and many other security features), maybe it's just not worth the effort? (other than just-for-fun of course)
