The operating system kernel vs. the rest of the operating system
The operating system kernel is a crucial piece of an operating system, but it is only a portion of the overall operating system. In most modern operating systems, a portion of the operating system runs in user-mode as a library linked into each application. An example is library code to manage an application's menu buttons. To encourage a common user interface across applications, most operating systems provide a library of user interface widgets. Applications are free to write their own user interface of course, but most developers will choose to reuse the routines provided by the operating system. This code could run in the kernel but does not need to do so. If the application crashes, it won't matter if that application's menu buttons stop working. The library code (but not the operating system kernel) shares fate with the rest of the application: a problem with one has the same effect as a problem with the other.

Likewise, parts of the operating system can run in their own user-level processes. A window manager is one example. The window manager directs mouse actions and keyboard input that occurs inside a window to the correct application, and the manager also ensures that each application modifies only that application's portion of the screen, and not the operating system's menu bar or any other application's window. Without this, a malicious application could grab user input to itself, potentially inducing the user to disclose their password to the application, allowing it to take control of the machine.

Why not include the entire operating system — the library code and any user-level processes — in the kernel itself? While that might seem more natural, one reason is that it is often easier to debug user-level code than kernel code. The kernel can use low-level hardware to implement debugging support such as breakpoints and single step for user-level code; to single step the kernel requires an even lower-level debugger running underneath the kernel. The difficulty of debugging operating system kernels was the original motivation behind the development of virtual machines.

Further, the kernel must be trusted, as it has the full power of the hardware. Any error in the kernel may corrupt the disk, the memory of some unrelated application, or simply crash the system. By separating out code that does not need to be in the kernel, the operating system can become more reliable — a bug in the window system is bad enough, but it would be even worse if it could corrupt the disk. This is an illustration of the principle of least privilege, that security and reliability are enhanced if each part of the system has exactly the privileges it needs to do its job, and no more.
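The fate-sharing argument above can be seen directly on a POSIX system. The following added example (not from the textbook) uses a hypothetical buggy "widget" routine: called in the caller's own process it would kill the caller, but run in a separate process, as a window manager would be, the fault is confined to that process and the caller merely observes the outcome.

```c
/* Added example (not from the textbook): fate sharing inside a process
 * versus isolation across processes on a POSIX system. A faulty "widget"
 * routine called in the caller's own address space takes the caller down
 * with it; run in its own process, the same fault is confined to that
 * process and the caller merely observes it. */
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

typedef void (*widget_fn)(void);
enum outcome { WIDGET_OK = 0, WIDGET_CRASHED = 1, WIDGET_ERROR = -1 };

/* Hypothetical library routine with a bug: it writes through a null
 * pointer. The hardware traps to the kernel, which kills only the faulting
 * process with SIGSEGV; the kernel and other processes are unaffected. */
static void buggy_widget(void) {
    volatile int *p = NULL;
    *p = 1;
}

static void good_widget(void) { /* a well-behaved routine just returns */ }

/* Out-of-process call, like a window manager in its own process: fork,
 * let the child run the widget, and report what happened to it. The
 * parent never shares the child's fate. */
enum outcome run_isolated(widget_fn fn) {
    pid_t pid = fork();
    if (pid < 0)
        return WIDGET_ERROR;
    if (pid == 0) {            /* child: run the routine, then exit normally */
        fn();
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return WIDGET_ERROR;
    if (WIFSIGNALED(status))   /* killed by a signal such as SIGSEGV */
        return WIDGET_CRASHED;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? WIDGET_OK : WIDGET_ERROR;
}

int main(void) {
    printf("good widget, isolated:  %d\n", run_isolated(good_widget));
    printf("buggy widget, isolated: %d\n", run_isolated(buggy_widget));
    /* Calling buggy_widget() directly here, in-process, would instead kill
     * this whole program: the library shares fate with its caller. */
    return 0;
}
```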