Stephen Smalley wrote: >On Mon, 7 Oct 2002, Crispin Cowan wrote: > > >>Anticipating predictable rebuttal :) aside from processor affinity, have >>we also closed all of the other trivial ways that a local user/process >>can DoS a machine into the ground by consuming gobs of resources? Fork >>bombing, consuming as much memory as possible, thrashing all levels of >>cache and disk, flooding network connections, etc. I'm not convinced >>that we even come close to preventing local DoS. >> >> >I'd agree that preventing a local DOS is not a goal of LSM. But the fact >that setaffinity/getaffinity can set and get an element of state of >another process means that you need to be able to control them to enforce >any kind of mandatory access control policy, whether MLS or TE or ... > That sounds kind of promising ... can you elaborate? I don't see how being able to mess with some other process's affinity does anything other than affect performance. How does this impinge on enforcing mandatory access controls? Disclaimer: I'm not trying to be difficult. I think it's obvious that we should have an affinity hook. I'm trying to help build a defense if we get pushback from you-know-who :) Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX http://wirex.com/~crispin/ Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html
This archive was generated by hypermail 2b30 : Wed Oct 09 2002 - 01:53:45 PDT