Re: [patch] [sg]etaffinity hooks

From: Crispin Cowan (crispinat_private)
Date: Wed Oct 09 2002 - 01:52:43 PDT

  • Next message: Wayne Salamon: "Re: New patches"

    Stephen Smalley wrote:
    
    >On Mon, 7 Oct 2002, Crispin Cowan wrote:
    >  
    >
    >>Anticipating predictable rebuttal :) aside from processor affinity, have
    >>we also closed all of the other trivial ways that a local user/process
    >>can DoS a machine into the ground by consuming gobs of resources? Fork
    >>bombing, consuming as much memory as possible, thrashing all levels of
    >>cache and disk, flooding network connections, etc. I'm not convinced
    >>that we even come close to preventing local DoS.
    >>    
    >>
    >I'd agree that preventing a local DOS is not a goal of LSM.  But the fact
    >that setaffinity/getaffinity can set and get an element of state of
    >another process means that you need to be able to control them to enforce
    >any kind of mandatory access control policy, whether MLS or TE or ...
    >
    That sounds kind of promising ... can you elaborate? I don't see how 
    being able to mess with some other process's affinity does anything 
    other than affect performance. How does this impinge on enforcing 
    mandatory access controls?
    
    Disclaimer: I'm not trying to be difficult. I think it's obvious that we 
    should have an affinity hook. I'm trying to help build a defense if we 
    get pushback from you-know-who :)
    
    Crispin
    
    -- 
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX                      http://wirex.com/~crispin/
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    
    
    
    

    _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module



    This archive was generated by hypermail 2b30 : Wed Oct 09 2002 - 01:53:45 PDT