Introduction
In this article, I will illustrate some operating system concepts with examples from Linux / Unix.
These concepts are tied to the architecture, so they still apply with other operating systems (for example, see Windows user mode and kernel mode).
Operating System Layers
Operating systems are organized in abstraction layers, bottom layer closer to the hardware, upper layers closer to user applications.
Source: https://en.wikipedia.org/wiki/Operating_system
The kernel is responsible for:
- Interaction with hardware devices (drivers)
- Multitasking (process scheduling, permissions)
- Memory management (paging, permissions)
- Abstraction layers (Virtual File System)
- Networking
- CPU mode (rings)
System Calls
User processes interact with the kernel using system calls or syscalls.
Syscalls can be used to
- interact with files (open, read, write)
- interact with processes (create, kill)
- allocate / deallocate memory
Syscalls are either called directly by the user process, or called via a glibc wrapper, that also provide some POSIX features.
strace can be used to trace syscalls called by a program at runtime.
Security Rings
Kernel and user space run into different CPU modes, usually represented as concentric rings.
Source: https://en.wikipedia.org/wiki/Protection_ring
In practice, operating systems only use ring 0 for the kernel, and ring 3 for user applications.
The inner rings have access to the outer rings, so the kernel has access to all applications.
Inner rings are more sensitive to security vulnerabilities, because the impact of a vulnerability could compromise the whole machine.
User vs Root
On Unix, the user with UID 0 is known as the superuser, or root
root processes don't run in ring 0, they still run in ring 3, like any other user.
However, root can load/unload kernel modules, and those modules can run kernel code in ring 0.