Re: [PATCH] Sample fix for hyperthread exploit

From: Ingo Molnar
Date: Wed Jun 01 2005 - 21:52:42 EST
* Arjan van de Ven <arjan@xxxxxxxxxxxxx> wrote:

> > Also, uid is not sufficient. Something more comprehensive (like ability
> > to ptrace) would be appropriate.
>
> I would go a lot simpler. App says "I want exclusivity" via pctl and
> NOTHING runs on the other half. Well maybe with exceptions of
> processes that share the mm with the exclusive one (in practice
> "threads") since those could just read the memory anyway.

this has the disadvantage of needing changes in the security apps.
Basing this off the uid (or the ability to ptrace) makes it at least
automatic - but introduces a permanent penalty not only on multiuser
boxes, but on basically any server box that runs multiple services.

Ingo