lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4CD26948.7050009@kernel.org>
Date:	Thu, 04 Nov 2010 09:05:28 +0100
From:	Tejun Heo <tj@...nel.org>
To:	Kapil Arya <kapil@....neu.edu>
CC:	Oren Laadan <orenl@...columbia.edu>,
	ksummit-2010-discuss@...ts.linux-foundation.org,
	linux-kernel@...r.kernel.org, Gene Cooperman <gene@....neu.edu>,
	hch@....de
Subject: Re: [Ksummit-2010-discuss] checkpoint-restart: naked patch

Hello,

On 11/04/2010 04:40 AM, Kapil Arya wrote:
> (Sorry for resending the message; the last message contained some html
> tags and was rejected by server)

And please also don't top-post.  Being the antisocial egomaniacs we
are, people on lkml prefer to dissect the messages we're replying to,
insert insulting comments right where they would be most effective and
remove the passages which can't yield effective insults.  :-)

> In our personal view, a key difference between in-kernel and userland
> approaches is the issue of security.  The Linux C/R developers state
> the issue very well in their FAQ (question number 7):
>> https://ckpt.wiki.kernel.org/index.php/Faq :
>> 7. Can non-root users checkpoint/restart an application ?
>>
>> For now, only users with CAP_SYSADMIN privileges can C/R an
>> application. This is to ensure that the checkpoint image has not been
>> tampered with and will be treated like a loadable kernel-module.

That's an interesting point but I don't think it's a dealbreaker.
Kernel CR is gonna require userland agent anyway and access control
can be done there.  Being able to snapshot w/o root privieldge
definitely is a plust but it's not like CR is gonna be deployed on
majority of desktops and servers (if so, let's talk about it then).

> Strategies like these are easily handled in userspace.  We suspect
> that while one may begin with a pure kernel approach, eventually,
> one will still want to add a userland component to achieve this kind
> of flexibility, just as BLCR has already done.

Yeap, agreed.  There gotta be user agents which can monitor and
manipulate userland states.  It's a fundamentally nasty job, that of
collecting and applying application-specific workarounds.  I've only
glanced the dmtcp paper so my understanding is pretty superficial.
With that in mind, can you please answer some of my curiosities?

* As Oren pointed out in another message, there are somethings which
  could seem a bit too visible to the target application.  Like the
  manager thread (is it visible to the application or is it hidden by
  the libc wrapper?) and reserved signal.  Also, while it's true that
  all programs should be ready to handle -EINTR failure from system
  calls, it's something which is very difficult to verify and test and
  could lead to once-in-a-blue-moon head scratchy kind of failures.

  I think most of those issues can be tackled with minor narrow-scoped
  changes to the kernel.  Do you guys have things on mind which the
  kernel can do to make these things more transparent or safer?

* The feats dmtcp achieves with its set of workarounds are impressive
  but at the same time look quite hairy.  Christoph said that having a
  standard userland C-R implementation would be quite useful and IMHO
  it would be helpful in that direction if the implementation is
  modularized enough so that the core functionality and the set of
  workarounds can be easily separated.  Is it already so?

Thanks.

-- 
tejun
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ