lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <4BBDE839.4040106@nagafix.co.uk>
Date:	Thu, 08 Apr 2010 15:29:13 +0100
From:	Antoine Martin <antoine@...afix.co.uk>
To:	Avi Kivity <avi@...hat.com>
CC:	Joerg Roedel <joro@...tes.org>,
	Anthony Liguori <anthony@...emonkey.ws>,
	Ingo Molnar <mingo@...e.hu>,
	Pekka Enberg <penberg@...helsinki.fi>,
	"Zhang, Yanmin" <yanmin_zhang@...ux.intel.com>,
	Peter Zijlstra <a.p.zijlstra@...llo.nl>,
	Sheng Yang <sheng@...ux.intel.com>,
	linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
	Marcelo Tosatti <mtosatti@...hat.com>,
	Jes Sorensen <Jes.Sorensen@...hat.com>,
	Gleb Natapov <gleb@...hat.com>, ziteng.huang@...el.com,
	Arnaldo Carvalho de Melo <acme@...hat.com>,
	Fr?d?ric Weisbecker <fweisbec@...il.com>,
	Gregory Haskins <ghaskins@...ell.com>
Subject: Re: [RFC] Unify KVM kernel-space and user-space code into a single
 project

Avi Kivity wrote:
> On 03/24/2010 06:40 PM, Joerg Roedel wrote:
>>
>>> Looks trivial to find a guest, less so with enumerating (still doable).
>>>      
>> Not so trival and even more likely to break. Even it perf has the pid of
>> the process and wants to find the directory it has to do:
>>
>> 1. Get the uid of the process
>> 2. Find the username for the uid
>> 3. Use the username to find the home-directory
>>
>> Steps 2. and 3. need nsswitch and/or pam access to get this information
>> from whatever source the admin has configured. And depending on what the
>> source is it may be temporarily unavailable causing nasty timeouts. In
>> short, there are many weak parts in that chain making it more likely to
>> break.
>>    
> 
> It's true.  If the kernel provides something, there are fewer things
> that can break.  But if your system is so broken that you can't resolve
> uids, fix that before running perf.  Must we design perf for that case?
uid to username can fail when using chroots, or worse point to an
incorrect location (and yes, I do use this)

Sorry if this has been covered / discussion has moved on. Just catching
up with the 500+ messages in my inbox..

Antoine


> 
> After all, 'ls -l' will break under the same circumstances.  It's hard
> to imagine doing useful work when that doesn't work.
> 
>> A kernel-based approach with /proc/<pid>/kvm does not have those issues
>> (and to repeat myself, it is independent from the userspace being used).
>>    
> 
> It has other issues, which are IMO more problematic.
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ