| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 08 Apr 2010 15:29:13 +0100 From: Antoine Martin <antoine@...afix.co.uk> To: Avi Kivity <avi@...hat.com> CC: Joerg Roedel <joro@...tes.org>, Anthony Liguori <anthony@...emonkey.ws>, Ingo Molnar <mingo@...e.hu>, Pekka Enberg <penberg@...helsinki.fi>, "Zhang, Yanmin" <yanmin_zhang@...ux.intel.com>, Peter Zijlstra <a.p.zijlstra@...llo.nl>, Sheng Yang <sheng@...ux.intel.com>, linux-kernel@...r.kernel.org, kvm@...r.kernel.org, Marcelo Tosatti <mtosatti@...hat.com>, Jes Sorensen <Jes.Sorensen@...hat.com>, Gleb Natapov <gleb@...hat.com>, ziteng.huang@...el.com, Arnaldo Carvalho de Melo <acme@...hat.com>, Fr?d?ric Weisbecker <fweisbec@...il.com>, Gregory Haskins <ghaskins@...ell.com> Subject: Re: [RFC] Unify KVM kernel-space and user-space code into a single project Avi Kivity wrote: > On 03/24/2010 06:40 PM, Joerg Roedel wrote: >> >>> Looks trivial to find a guest, less so with enumerating (still doable). >>> >> Not so trival and even more likely to break. Even it perf has the pid of >> the process and wants to find the directory it has to do: >> >> 1. Get the uid of the process >> 2. Find the username for the uid >> 3. Use the username to find the home-directory >> >> Steps 2. and 3. need nsswitch and/or pam access to get this information >> from whatever source the admin has configured. And depending on what the >> source is it may be temporarily unavailable causing nasty timeouts. In >> short, there are many weak parts in that chain making it more likely to >> break. >> > > It's true. If the kernel provides something, there are fewer things > that can break. But if your system is so broken that you can't resolve > uids, fix that before running perf. Must we design perf for that case? uid to username can fail when using chroots, or worse point to an incorrect location (and yes, I do use this) Sorry if this has been covered / discussion has moved on. Just catching up with the 500+ messages in my inbox.. Antoine > > After all, 'ls -l' will break under the same circumstances. It's hard > to imagine doing useful work when that doesn't work. > >> A kernel-based approach with /proc/<pid>/kvm does not have those issues >> (and to repeat myself, it is independent from the userspace being used). >> > > It has other issues, which are IMO more problematic. > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists