| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 19 Jan 2007 01:45:48 +0100 From: Pavel Machek <pavel@....cz> To: "Kawai, Hidehiro" <hidehiro.kawai.ez@...achi.com> Cc: Andrew Morton <akpm@...l.org>, linux-kernel@...r.kernel.org, gregkh@...e.de, james.bottomley@...eleye.com, Satoshi OSHIMA <soshima@...hat.com>, "Hideo AOKI@...hat" <haoki@...hat.com>, sugita <yumiko.sugita.yf@...achi.com>, Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>, Alan Cox <alan@...rguk.ukuu.org.uk> Subject: Re: [PATCH] binfmt_elf: core dump masking support On Fri 2007-01-19 09:40:39, Kawai, Hidehiro wrote: > Hi Pavel, > > >>>Well, you can have it as set of 0-1 "limits"... > >> > >>I have come up with a similar idea of regarding the ulimit > >>value as a bitmask, and I think it may work. > >>But it will be confusable for users to add the new concept of > >>0-1 limitation into the traditional resouce limitation feature. > >>Additionaly, this approach needs a modification of each shell > >>command. > >>What do you think about these demerits? > > > >>The /proc/<pid>/ approach doesn't have these demerits, and it > >>has an advantage that users can change the bitmask of any process > >>at anytime. > > > > Well... not sure if it is advantage. > > For example, consider the following case: > a process forks many children and system administrator wants to > allow only one of these processes to dump shared memory. > > This is accomplished as follows: > > $ echo 1 > /proc/self/coremask > $ ./some_program > (fork children) > $ echo 0 > /proc/<a child's pid>/coremask > > With the /proc/<pid>/ interface, we don't need to modify the > user program. In contrast, with the ulimit or setrlimit interface, > the administrator can't do it without modifying the user program > to call setrlimit. This will not be preferred. Yep, otoh process coremask setting can change while it is running, that is not expected. Hmm, it can also change while it is dumping core, are you sure it is not racy? (run echo 1 > coremask, echo 0 > coremask in a loop while dumping core. Do you have enough locking to make it work as expected?) Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists