**Descriptor Protection Level (DPL):** Each segment has a protection level. Segment descriptors describe a segment (where it starts, its linear address space, etc.). Segments can have four protection levels, called descriptor protection levels (DPLs): 0 to 3 (where 0 is most privileged) ![[attachments/Screenshot 2023-05-26 at 4.21.31 PM.png]] **Current protection level (CPL):** Current privilege level of the code being executed. CPL is the DPL of the code segment being executed. **Requestor privilege level (RPL):** Specified in segment selector. RPL is used to stop privilege escalation attacks. The RPL is stored in the segment selector (the entries of the GDT/LDT). ![[attachments/Screenshot 2023-05-26 at 3.25.41 PM.png]] Before granting access, we check following for the target $max(CPL, RPL) \le DPL$ This is why user code cannot access kernel data. (Kernel data has a DPL of 0) ![[attachments/Screenshot 2023-05-26 at 3.27.40 PM.png]] Dotted lines are rejected access. ### Conforming and non-conforming segments #### Conforming code segments - Transfer to more privileged code segment allows execution to continue at current privilege level - Useful for system utilities that do not need protected system (exception handler for divide by zero) #### Non-conforming code segments - Transfer to different privilege segment generates a general protection fault unless call or task gate is specified - [[Call gates]] can be used for transfer to different privilege levels (better ways to do this – system call instructions) - All data segments are non-conforming ### Page level protection This way you can protect a particular page within a segment. Also called paged segmentation **Page protection levels** - PPL of 0 (privileged) or 1 (non-privileged) - If the CPL is 3 we can only access PPL of 1. This is because PPL 0 is a privileged level but CPL 3 is a user level privilege. - There are read-write protections on pages as well - You can also disable execution of a page (by setting the execute disable bit in a page)