Re: [PATCH] Sample fix for hyperthread exploit

* Arjan van de Ven <[email protected]> wrote:

> > Also, uid is not sufficient.  Something more comprehensive (like ability
> > to ptrace) would be appropriate.
> 
> I would go a lot simpler. App says "I want exclusivity" via pctl and 
> NOTHING runs on the other half. Well maybe with exceptions of 
> processes that share the mm with the exclusive one (in practice 
> "threads") since those could just read the memory anyway.

this has the disadvantage of needing changes in the security apps.  
Basing this off the uid (or the ability to ptrace) makes it at least 
automatic - but introduces a permanent penalty not only on multiuser 
boxes, but on basically any server box that runs multiple services.

	Ingo