| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20120329183058.GF16476@fifo99.com> Date: Thu, 29 Mar 2012 11:30:59 -0700 From: Daniel Walker <dwalker@...o99.com> To: Tim Bird <tim.bird@...sony.com> Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "kernel-team@...roid.com" <kernel-team@...roid.com> Subject: Re: [RFC] Android Logger vs. Shared Memory FIGHT! On Thu, Mar 29, 2012 at 11:20:17AM -0700, Tim Bird wrote: > Putting bogus pids in the log would allow a log DDOS-er to hide their > activity more easily. But with the log in user-space, there are much more > insidious things that could be done to hide or corrupt log activity. So > the sensitivity of this particular piece of log data is not that great. > -- Tim Bogus pids or real pids it doesn't matter you can't map the pid back to the process. It's true that you can wipe the whole shared memory area if it's in userspace, but there are ways to handle that .. Not to mention motivation due to a massive speed up over logger. For instance each app could log to it's own logging area, and the permissions wouldn't allow any other app to write into that area.. You know a DoS process could just not log anything .. There's far too many other ways to kill the system.. Daniel -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists