Re: Syscall security

From: Maciej Zenczykowski
Date: Fri Sep 26 2003 - 11:15:37 EST

Next message: Maciej Zenczykowski: "Re: Syscall security"
Previous message: Chris Wright: "Re: Syscall security"
In reply to: Ruth Ivimey-Cook: "Re: Syscall security"
Next in thread: Davide Libenzi: "Re: Syscall security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> >Unfortunately sometimes the data transfer through stdio can be counted in
> >hundreds of MB (or even in extreme cases a couple of GB), plus it is
>
> Would running the process under user-mode linux help any? (I'm not sure)

I think that's trying to kill a fly with a cannon. Especially since
afterwards the process in UML would still need to be somehow protected
from calling UML syscalls - I'm not quite sure how UML works (never really
used it), but I'm assuming it will still allow getuid/gettimeofday etc
syscalls. Correct me if I'm wrong _or_ if i'm misinterpreting your idea.
Besides sometimes these processes are spawned in the dozens (sometimes
they spawn massively with very little CPU intensity, other times very
rarely but with massive CPU use) - would I then need a seperate UML kernel
per spawn? and if not then how would this help?

Thx,
MaZe.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Maciej Zenczykowski: "Re: Syscall security"
Previous message: Chris Wright: "Re: Syscall security"
In reply to: Ruth Ivimey-Cook: "Re: Syscall security"
Next in thread: Davide Libenzi: "Re: Syscall security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]