[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAMjCObv9Z+Ood9QFA_jSQ2roSEE6C_ip=KeyoChmtyi97UoU7g@mail.gmail.com>
Date: Sun, 12 Nov 2023 11:03:43 +0100
From: Jasper Niebuhr <yjnworkstation@...il.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Willy Tarreau <w@....eu>, akpm@...ux-foundation.org,
linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
"tytso@....edu" <tytso@....edu>
Subject: Re: [PATCH] exitz syscall
On Sun, Nov 12, 2023 at 2:24 AM Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
>
> On Sat, 11 Nov 2023 at 05:24, Willy Tarreau <w@....eu> wrote:
> >
> > IMHO it does not make sense to add a syscall for this, please have a
> > look at prctl(2) instead, which is already used for similar settings.
First of all, I had a look and now absolutely agree with this.
> Honestly, I don't think it makes any sense at all.
>
> If the key manager people can't be bothered to keep track of their
> keys, the kernel certainly shouldn't be bothered with this kind of
> huge hammer.
>
> It looks like an active DoS attack to me, by anybody who just creates
> a huge process and then sits there giggling as the machine comes to a
> complete halt, with the kernel busy zeroing pointless crap.
Fair point.
Do you think it could make sense to enable zeroing on exit only for
ranges of memory (base + len) with a config dictating the max amount
of bytes (or pages or whatever) that a single process is allowed to
flag for zeroing? This way the DoS issue is effectively solved and the
config could always be set to 0 (by default I guess), which would
effectively leave any common system unchanged. The users that actually
want to use this feature could then decide on their own how much it is
worth to them and how big of a task they want the kernel to perform at
max on exit.
> Do it in user space. And if your user space randomly crashes, you have
> other problems - but you can try to use ptrace to catch even that case
> if you care.
>
> Linus
Unfortunately, ptrace is something many, including me, disable on
systems that are meant to be as secure as possible.
Kind Regards,
Jasper
Powered by blists - more mailing lists