Why User Programs Can’t Directly Control Memory or Shut Down Your PC

You might imagine writing a regular application that directly reads or writes disks, modifies other programs' memory, or even powers off the whole computer; on modern operating systems this is impossible and the program will be terminated.

Direct Memory Management

Memory is a fundamental resource managed centrally by the operating system. The kernel creates an isolated virtual address space for each process using page tables.

If a user program could arbitrarily modify page tables, disastrous consequences would follow:

Processes could access other processes' private memory, causing data leaks or corruption.

Processes could alter kernel memory, destroying core system structures.

Memory protection would fail, leading to instability or a complete crash.

For example, modifying the CR3 register would let a program switch to any process's address space and read or change its data, completely breaking the system's security boundary.

Privileged Instructions

Some CPU instructions control core behavior and are privileged, such as:

CLI/STI – enable or disable interrupts.

Modifying control registers (CR0, CR2, CR4, etc.).

IN/OUT – performing I/O port operations.

Disabling interrupts (CLI) would prevent the OS from handling external events, causing a user‑level while loop to monopolize a CPU core.

Direct Hardware I/O

Programs can also attempt direct hardware access via:

IN/OUT instructions for I/O ports.

Memory‑mapped I/O (MMIO) regions.

Improper hardware access can damage devices or corrupt data; for instance, bypassing the file system to read or write arbitrary disk sectors could expose or alter any file, including critical system data.

Kernel Data Structures

The kernel maintains complex data structures such as the process control block (task_struct), file descriptor tables, interrupt vectors, and page tables. Allowing user‑mode programs to modify these would be catastrophic.

Changing its own task_struct to set the effective UID to 0 would instantly grant root privileges, bypassing all security checks.

CPU Privilege Control

CPU instructions are divided into privileged and non‑privileged categories. Modern CPUs (e.g., x86) implement multiple rings; operating systems typically use Ring 0 (kernel mode) and Ring 3 (user mode).

Only code running in Ring 0 can execute the privileged operations described above; otherwise an exception occurs, the OS intervenes, and the offending process is killed.

This privilege‑level isolation is a cornerstone of system security and stability, enabling dozens or hundreds of programs to run concurrently without compromising each other.