On Wed, 9 Oct 2002, Crispin Cowan wrote: > That sounds kind of promising ... can you elaborate? I don't see how > being able to mess with some other process's affinity does anything > other than affect performance. How does this impinge on enforcing > mandatory access controls? I'm not sure that this is fundamentally different than the already existing hooks on operations like setpriority/nice. In any event, for any confidentiality policy (e.g. MLS), the affinity masks of processes can be used as a channel to leak information in violation of the policy if we cannot control setaffinity/getaffinity based on other security attributes (e.g. the pair of MLS levels for the two processes). For an integrity policy, you want to be able to control the ability of a process of less integrity to tamper with the CPU affinity of a process of greater integrity, although the consequence may not be fatal. -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Oct 09 2002 - 05:52:28 PDT