-
-
Notifications
You must be signed in to change notification settings - Fork 4
Security
Kazah edited this page Jul 5, 2026
·
1 revision
NyxOS is a hobby OS with no security guarantees, but implements several hardening measures.
See also: Syscalls, Userspace, Memory Management, Architecture
| Ring | Privilege | Code | Memory |
|---|---|---|---|
| 0 | Kernel | Scheduler, drivers, VFS | All physical memory + user memory via copy_from/to_user |
| 3 | User | ELF programs | Private user pages only |
- Page-table isolation: Kernel in higher half (PML4[511]), user PML4s have no identity mapping
- NX bit: User stacks and data pages mapped non-executable
- SMEP: (Optional) Ring 0 cannot execute ring-3 pages
- CR0.WP: Supervisor writes to read-only pages fault (required for COW)
-
Pointer validation:
user_ptr_ok()rejects pointers outside[0x1000, 0x800000000000) - Opaque fds: Userspace gets small integers; kernel VFS handles never exposed
- copy_from_user/copy_to_user: Walks user page tables, bounces through identity map
Framebuffer login, /etc/passwd on EXT2 (XOR-obfuscated, djb2 + salt). Default nyx/nyx.
No IOMMU, no encryption, no Spectre mitigations, minimal TCP stack hardening.
Contact: uselessalter on Discord | nyxos@inbox.lv | GitHub