lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 9 Aug 2015 19:48:15 -0700 (PDT)
From:	David Lang <david@...g.hm>
To:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
cc:	Linus Torvalds <torvalds@...ux-foundation.org>,
	Daniel Mack <daniel@...que.org>, Tom Gundersen <teg@...m.no>,
	"Kalle A. Sandstrom" <ksandstr@....fi>,
	Borislav Petkov <bp@...en8.de>,
	One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>,
	Havoc Pennington <havoc.pennington@...il.com>,
	Djalal Harouni <tixxdz@...ndz.org>,
	Andy Lutomirski <luto@...capital.net>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	cee1 <fykcee1@...il.com>, David Herrmann <dh.herrmann@...il.com>
Subject: Re: kdbus: to merge or not to merge?

On Sun, 9 Aug 2015, Greg Kroah-Hartman wrote:

> The issue is with userspace clients opting in to receive all
> NameOwnerChanged messages on the bus, which is not a good idea as they
> constantly get woken up and process them, which is why the CPU was
> pegged.  This issue should now be fixed in Rawhide for some of the
> packages we found that were doing this. Maintainers of other packages
> have been informed.  End result, no one has ever really tested sending
> "bad" messages to the current system as all existing dbus users try to
> be "good actors", thanks to Andy's testing, these apps should all now
> become much more robust.

Does it require elevated privileges to opt to receive all NameOwnerChanged 
messages on the bus? Is it the default unless the apps opt for something more 
restrictive? or is it somewhere in between?

I was under the impression that the days of writing system-level stuff that 
assumes that all userspace apps are going to 'play nice' went out a decade or 
more ago. It's fine if the userspace app can kill itself, or possibly even the 
user it's running as, but being able to kill apps running as other users, let 
alone the whole system is a problem nowdays.

It may be able to happen in a default system, but this is why cgroups and 
namespaces have been created, to give the system admin the ability to limit the 
resources that any one app can consume. Introducing a new mechanism that allows 
one user to consume resources allocated to another and kill the system without 
providing a kernel level mechanism to limit the damage (as opposed to fixing 
individual apps) seems rather short-sighted at best.

David Lang

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ