Re: [CRIU] [PATCH 1/3] prctl: reduce permissions to change boundaries of data, brk and stack

From: Pavel Emelyanov
Date: Fri Mar 07 2014 - 08:51:21 EST

Next message: Mike Snitzer: "Re: randconfig build error with next-20140307, in drivers/md/dm-era-target.c"
Previous message: Borislav Petkov: "Re: [PATCH] Add option to build with -O3"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi, Eric,

>>>> Why can't you have the process of interest do:
>>>> ptrace(PTRACE_ATTACHME);
>>>> execve(executable, args, ...);
>>>>
>>>> /* Have the ptracer inject the recovery/fixup code */
>>>> /* Fix up the mostly correct process to look like it has been
>>>> * executing for a while.
>>>> */

> 2. What you propose means we have to effectively strace and execve-ing task. As
> compared with plain prlctl this is up to ~600 times slower. I've made such an experiment.

Have you had time to think on the issue? If the prctl restrictions do not work,
what else can it be?

Thanks,
Pavel
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Mike Snitzer: "Re: randconfig build error with next-20140307, in drivers/md/dm-era-target.c"
Previous message: Borislav Petkov: "Re: [PATCH] Add option to build with -O3"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]