| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Mar 2007 13:28:26 -0700 From: Dave Hansen <hansendc@...ibm.com> To: Alan Cox <alan@...rguk.ukuu.org.uk> Cc: Andrew Morton <akpm@...ux-foundation.org>, Herbert Poetzl <herbert@...hfloor.at>, containers@...ts.osdl.org, menage@...gle.com, linux-kernel@...r.kernel.org, xemul@...ru Subject: Re: [RFC][PATCH 2/7] RSS controller core On Tue, 2007-03-13 at 19:09 +0000, Alan Cox wrote: > > stuff is happening by comparing page->count and page->_mapcount, but it > > certainly wouldn't be conclusive. But, does this kind of nonsense even > > happen in practice? > > "Is it useful for me as a bad guy to make it happen ?" A very fine question. ;) To exploit this, you'd need to: 1. need to access common data with another user 2. be patient enough to wait 3. determine when one of those users had actually pulled a page in from disk, which sys_mincore() can do, right? I guess that might be a decent reason to not charge the guy who brings the page in for the page's entire lifetime. So, unless we can change page ownership after it has been allocated, anyone accessing shared data can get around resource limits if they are patient. -- Dave - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists