Re: (pspace,pid) vs true pid virtualization

From: Kirill Korotaev
Date: Mon Feb 20 2006 - 05:24:24 EST

Next message: Matthew Garrett: "Re: [PATCH 2.6.15.3 1/1] ACPI: Atlas ACPI driver"
Previous message: David Howells: "Re: [PATCH 2/2] strndup_user (v3), convert (keyctl)"
In reply to: Sam Vilain: "Re: (pspace,pid) vs true pid virtualization"
Next in thread: Kirill Korotaev: "Re: (pspace,pid) vs true pid virtualization"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

this is mandatory, as it is required to kill any process
from the host (admin) context, without entering the pid
space (which would lead to all kind of security issues)

Giving admin processes the ability to enter pid spaces seems like it
solves an entire class of problems, right?. Could you explain a bit
what kinds of security issues it introduces?

Enter is not always possible.
For example when you have exhausted your resources in VPS.
(e.g. hit process limit inside).
And you can't make enter without resource limitations, since it will be a security hole then.

Kirill

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Matthew Garrett: "Re: [PATCH 2.6.15.3 1/1] ACPI: Atlas ACPI driver"
Previous message: David Howells: "Re: [PATCH 2/2] strndup_user (v3), convert (keyctl)"
In reply to: Sam Vilain: "Re: (pspace,pid) vs true pid virtualization"
Next in thread: Kirill Korotaev: "Re: (pspace,pid) vs true pid virtualization"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]