You could attach a pool to a message port so that the sender can allocate memory that is also accessible by the receiver but not by other memory spaces. It is true that programs not using these features won't be protected and can bring down themselves and all non-protected programs. I do think it should be possible to have programs using the MP protected and not be brought down by other programs by implementing proper exception handling when they receive wrong data.
I don't know how AROS implements dos.library in the current version, but does it work if I try to save a private memory block using Write()? If I try to Open("ram:foobar", MODE_OLDFILE), is it making sure the filename is passed properly to the fs? And does it guarantee my ExAll() hook is working?
After all, there are many issues you can run into.
Of course you can always work around those issues, but I don't see it being trivial in a system that is built using a shared memory concept. Ideally all memory should be protected and app writers should not care about stupid memory flags.