Re: A crisis in winTel land
It looks like you don't know the Intel protected mode architecture. The issue actually is that any OS I know running on Intel - Linux included - doesn't fully use the protections offered. Because of porting issues, because of compatibility, because of performance issues, and so on.
You can have data segments which cannot be executed, you can have code segments that can be executed but not written nor even read. It's just that most OSes load CS, DS, ES, GS and whatever segment register they need on application startup with a simple base address, set their limit to the whole address space, and avoid creating and loading proper descriptors for each memory segment needed. Why? Because loading a segment descriptor slows down the applications - because of the security checks. And may not be portable to other architectures. Same reason why, of the four privilege rings, only two have ever been used.
From a security point of view, the Intel architecture was fairly advanced compared to the competition - OSes just didn't use it, often exactly because it is not portable.
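An added example, not part of the original post: a small decoder for 8-byte IA-32 code/data segment descriptors, comparing a flat pair (base 0, limit covering the whole address space) with a separated execute-only code segment and read/write data segment. The four descriptor values are constructed samples, the function names are hypothetical, and expand-down data segments are not handled.

```c
#include <stdint.h>
#include <stdio.h>

struct seg { uint32_t base; uint64_t last; int dpl, exec, readable, writable; };

/* Decode one 8-byte IA-32 code/data descriptor (expand-down data not handled). */
static struct seg decode(uint64_t d) {
    struct seg s;
    uint32_t limit  = (uint32_t)(d & 0xFFFF) | (uint32_t)((d >> 32) & 0xF0000);
    uint32_t access = (uint32_t)(d >> 40) & 0xFF;
    int rw = (access >> 1) & 1;               /* readable (code) / writable (data) */
    s.base = (uint32_t)((d >> 16) & 0xFFFFFF) | (uint32_t)((d >> 32) & 0xFF000000);
    /* G=1 means the 20-bit limit counts 4 KiB pages, not bytes */
    s.last = ((d >> 55) & 1) ? (((uint64_t)limit << 12) | 0xFFF) : limit;
    s.dpl  = (access >> 5) & 3;
    s.exec = (access >> 3) & 1;
    s.readable = s.exec ? rw : 1;             /* data segments are always readable */
    s.writable = s.exec ? 0 : rw;             /* code segments are never writable */
    return s;
}

/* Flat model: base 0, covering the whole 4 GiB linear address space. */
static int is_flat(struct seg s) { return s.base == 0 && s.last == 0xFFFFFFFFu; }

/* True when a writable data segment overlaps an executable one, i.e. the
   same bytes can be written through one selector and run through the other. */
static int wx_alias(struct seg c, struct seg d) {
    uint64_t c_end = (uint64_t)c.base + c.last, d_end = (uint64_t)d.base + d.last;
    return c.exec && d.writable && c.base <= d_end && d.base <= c_end;
}

static void show(const char *name, uint64_t raw) {
    struct seg s = decode(raw);
    printf("%-10s base=%08x last=%09llx dpl=%d %c%c%c%s\n", name, (unsigned)s.base,
           (unsigned long long)s.last, s.dpl, s.readable ? 'r' : '-',
           s.writable ? 'w' : '-', s.exec ? 'x' : '-', is_flat(s) ? " flat" : "");
}

/* Constructed sample descriptors (ring 3): the common flat pair, then a separated pair. */
#define FLAT_CODE 0x00CFFA000000FFFFULL
#define FLAT_DATA 0x00CFF2000000FFFFULL
#define XO_CODE   0x0040F8400000FFFFULL   /* execute-only, base 0x400000, 64 KiB */
#define RW_DATA   0x0040F2800000FFFFULL   /* read/write,   base 0x800000, 64 KiB */

int main(void) {
    show("flat code", FLAT_CODE); show("flat data", FLAT_DATA);
    show("xo code", XO_CODE);     show("rw data", RW_DATA);
    printf("flat pair W+X alias: %d\n", wx_alias(decode(FLAT_CODE), decode(FLAT_DATA)));
    printf("separated pair W+X alias: %d\n", wx_alias(decode(XO_CODE), decode(RW_DATA)));
    return 0;
}
```

With the flat pair, the writable data segment and the executable code segment cover the same linear range, so the descriptor type bits separate nothing; the second pair keeps them disjoint.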