Re: RFC: Network privilege separation.

From: Andi Kleen
Date: Mon Jan 12 2009 - 15:00:43 EST


> Expanding the heap,

That's a problem, agreed. OK, you can just always use very
bss arrays sized for the worst case.

> Getting timestamps.

At least on 64-bit that's done in ring 3 only with a vsyscall.

> Waiting on futexes,
> catching signals, polling file descriptors. Seeking, doing vectorized I/O.
> Cloning.

That all can be done by the frontend reading/feeding
data into the pipe. But it shouldn't directly access the user data
to be immune against attacks.

> Codecs don't like to read/write raw video through a pipe...

I don't think that's a given. It would need some restructuring,
but I think the end result would likely be worth it.

-Andi

--
ak@xxxxxxxxxxxxxxx -- Speaking for myself only.
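
The split described in this message, sketched as an added example (not code from the thread or from any project discussed in it): a worker that uses only worst-case bss buffers and read/write on two pipes, fed by a frontend that does all other I/O and never parses the data itself. `MAX_FRAME`, the length-prefixed framing and the byte-inversion "decode" step are assumptions made for illustration.

```c
#include <signal.h>
#include <stdint.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_FRAME 4096                       /* assumed worst-case frame size */
static uint8_t in_buf[MAX_FRAME], out_buf[MAX_FRAME];   /* bss, never grows */

/* Move exactly n bytes with read(2) or write(2); -1 on EOF or error. */
static int xfer(int fd, void *p, size_t n, int wr) {
    uint8_t *b = p;
    while (n) {
        ssize_t r = wr ? write(fd, b, n) : read(fd, b, n);
        if (r <= 0) return -1;
        b += r; n -= (size_t)r;
    }
    return 0;
}

/* Worker: touches untrusted data, but needs only read/write/_exit. */
static void worker(int in, int out) {
    uint32_t len;
    while (xfer(in, &len, sizeof len, 0) == 0) {
        if (len > MAX_FRAME) _exit(2);       /* would overflow the bss arena */
        if (xfer(in, in_buf, len, 0)) _exit(3);
        for (uint32_t i = 0; i < len; i++)   /* stand-in for a real codec */
            out_buf[i] = (uint8_t)~in_buf[i];
        if (xfer(out, &len, sizeof len, 1) || xfer(out, out_buf, len, 1)) _exit(4);
    }
    _exit(0);
}

/* Frontend: owns files, sockets and timing; passes frames through opaquely.
 * Returns the decoded length, or -1 if the worker rejected the frame or died. */
long frontend_decode(const uint8_t *frame, uint32_t len, uint8_t *res, size_t cap) {
    int to_w[2], from_w[2];
    uint32_t rlen = 0;
    long ret = -1;
    signal(SIGPIPE, SIG_IGN);                /* a dead worker must not kill us */
    if (pipe(to_w)) return -1;
    if (pipe(from_w)) { close(to_w[0]); close(to_w[1]); return -1; }
    pid_t pid = fork();
    if (pid == 0) { close(to_w[1]); close(from_w[0]); worker(to_w[0], from_w[1]); }
    close(to_w[0]); close(from_w[1]);
    if (pid > 0 && xfer(to_w[1], &len, sizeof len, 1) == 0
        && xfer(to_w[1], (void *)frame, len, 1) == 0
        && xfer(from_w[0], &rlen, sizeof rlen, 0) == 0 && rlen <= cap
        && xfer(from_w[0], res, rlen, 0) == 0) ret = (long)rlen;
    close(to_w[1]); close(from_w[0]);
    if (pid > 0) waitpid(pid, NULL, 0);
    return ret;
}
```

The frontend re-checks the returned length against its own buffer, so a compromised worker cannot use the reply to overflow the unconfined side.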