The Modern CPU allows the system to protect the memory from violated access. Which means that the system may be able limit the memory that a program can access.
Protected mode is an operational mode of the Intel 80286-compatible CPU. Operation mode of CPU decided how CPU uses registers, seeks memory address and does other works.
Usually, the CPU enables the protected mode once the operation system is booted. Once the CPU enters protected mode, the OS is able to perform modern features like multi-tasking, paging, virtual memory, etc. Also, protected mode enables the OS obtaining the fully control of the program, which means that OS can monitor what the program does, how to perform tasks, how much memory the program allocated etc. Even if the program caused memory leak, the system is still able to free the memory via killing the program that caused memory leak.
Also, the program may not able to directly access the memory that not allocated for the program. For example, the program cannot access the memory address that storing the system binaries, or another program memory area.
However, to finish necessary tasks, the OS still offers some opportunities to allow the program to access some sensitive information of the system or other applications.
That is system call.
Shichao's SPO600 