| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 2 Nov 2016 15:45:10 +0100
From: David Herrmann <dh.herrmann@...il.com>
To: "Kirill A. Shutemov" <kirill@...temov.name>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Andy Lutomirski <luto@...capital.net>,
Jiri Kosina <jikos@...nel.org>, Greg KH <greg@...ah.com>,
Hannes Reinecke <hare@...e.com>,
Steven Rostedt <rostedt@...dmis.org>,
Arnd Bergmann <arnd@...db.de>, Tom Gundersen <teg@...m.no>,
Josh Triplett <josh@...htriplett.org>,
Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [RFC v1 00/14] Bus1 Kernel Message Bus
Hi
On Thu, Oct 27, 2016 at 2:45 AM, Kirill A. Shutemov
<kirill@...temov.name> wrote:
> On Wed, Oct 26, 2016 at 10:34:30PM +0200, David Herrmann wrote:
>> Long story short: We have uid<->uid quotas so far, which prevent DoS
>> attacks, unless you get access to a ridiculous amount of local UIDs.
>> Details on which resources are accounted can be found in the wiki [1].
>
> Does only root user_ns uid count as separate or per-ns too?
>
> In first case we will have vitually unbounded access to UIDs.
>
> The second case can cap number of user namespaces a user can create while
> using bus1 inside.
>
> Or am I missing something?
We use the exact same mechanism as "struct user_struct" (as defined in
linux/sched.h). One instance corresponds to each kuid_t currently in
use. This is analogous to task, epoll, inotify, fanotify, mqueue,
pipes, keys, ... resource accounting.
Could you elaborate on what problem you see?
Thanks
David
Powered by blists - more mailing lists