Re: [RFC v1 00/14] Bus1 Kernel Message Bus

From: Josh Triplett
Date: Sat Oct 29 2016 - 17:07:50 EST

Next message: Pavel Machek: "Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]"
Previous message: Arnd Bergmann: "Re: [PATCH] [media] dib0700: fix nec repeat handling"
In reply to: Kirill A. Shutemov: "Re: [RFC v1 00/14] Bus1 Kernel Message Bus"
Next in thread: Michael Kerrisk: "Re: [RFC v1 00/14] Bus1 Kernel Message Bus"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Oct 27, 2016 at 03:45:24AM +0300, Kirill A. Shutemov wrote:
> On Wed, Oct 26, 2016 at 10:34:30PM +0200, David Herrmann wrote:
> > Long story short: We have uid<->uid quotas so far, which prevent DoS
> > attacks, unless you get access to a ridiculous amount of local UIDs.
> > Details on which resources are accounted can be found in the wiki [1].
>
> Does only root user_ns uid count as separate or per-ns too?
>
> In first case we will have vitually unbounded access to UIDs.
>
> The second case can cap number of user namespaces a user can create while
> using bus1 inside.

That seems easy enough to solve. Make the uid<->uid quota use uids in
the namespace of the side whose resources the operation uses. That way,
if both sender and recipient live in a user namespace then you get quota
per user in the namespace, but you can't use a user namespace to cheat
and manufacture more users to get more quota when talking to something
*outside* that namespace.

- Josh Triplett

Next message: Pavel Machek: "Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]"
Previous message: Arnd Bergmann: "Re: [PATCH] [media] dib0700: fix nec repeat handling"
In reply to: Kirill A. Shutemov: "Re: [RFC v1 00/14] Bus1 Kernel Message Bus"
Next in thread: Michael Kerrisk: "Re: [RFC v1 00/14] Bus1 Kernel Message Bus"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]