From: Oleg Nesterov <oleg@redhat.com>
To: Roland McGrath <roland@redhat.com>
Cc: Dario Faggioli <raistlin@linux.it>,
Thomas Gleixner <tglx@linutronix.de>,
linux-kernel <linux-kernel@vger.kernel.org>,
torbenh <torbenh@gmx.de>,
john.stultz@linaro.org, Ingo Molnar <mingo@elte.hu>,
Peter Zijlstra <peterz@infradead.org>
Subject: Re: [PATCH] Read THREAD_CPUTIME clock from other processes.
Date: Fri, 7 Jan 2011 20:35:47 +0100 [thread overview]
Message-ID: <20110107193547.GA28634@redhat.com> (raw)
In-Reply-To: <20110107192809.05CFF40467@magilla.sf.frob.com>
On 01/07, Roland McGrath wrote:
>
> This can certainly be enhanced, but it opens some cans of worms about the
> security question. It is probably still considered an unsafe information
> leak to let every process examine every other process's thread clocks.
Yes, I was worried about possible security issues too. But, it seems,
/proc/pid/task/tid/stat (do_task_stat) shows ->utime/stime anyway.
And /proc/schedstat shows sum_exec_runtime.
> I'll leave that judgement to security folks.
Agreed.
> As well as the information leak, it is most certainly a DoS attack vector
> to allow one process to set CPU timers an another process or its threads.
No, the suggested change doesn't go that far, afaics. It only modifies
check_clock: this affects clock_getres and clock_set (which does nothing),
and posix_cpu_clock_get: affects clock_gettime().
Oleg.
next prev parent reply other threads:[~2011-01-07 19:43 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-12-23 16:21 [PATCH] Read THREAD_CPUTIME clock from other processes Dario Faggioli
2010-12-23 16:44 ` Oleg Nesterov
2010-12-23 17:38 ` Dario Faggioli
2010-12-23 18:12 ` Oleg Nesterov
2010-12-24 11:36 ` Dario Faggioli
2010-12-23 17:21 ` Randy Dunlap
2010-12-23 17:43 ` Dario Faggioli
2010-12-28 10:55 ` [PATCH resend] Reading POSIX CPU timer from outside the process Dario Faggioli
2010-12-28 16:38 ` Oleg Nesterov
2010-12-28 21:38 ` Dario Faggioli
2010-12-29 13:21 ` Oleg Nesterov
2010-12-29 14:10 ` Dario Faggioli
2010-12-29 18:30 ` Oleg Nesterov
2010-12-30 17:45 ` torbenh
2011-01-04 11:01 ` Dario Faggioli
2011-01-06 16:06 ` torbenh
2011-01-07 19:28 ` [PATCH] Read THREAD_CPUTIME clock from other processes Roland McGrath
2011-01-07 19:35 ` Oleg Nesterov [this message]
2011-01-07 19:50 ` Roland McGrath
2011-01-07 19:49 ` Oleg Nesterov
2011-01-07 19:58 ` Roland McGrath
2011-01-07 19:56 ` Peter Zijlstra
2011-01-08 11:12 ` Dario Faggioli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110107193547.GA28634@redhat.com \
--to=oleg@redhat.com \
--cc=john.stultz@linaro.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=peterz@infradead.org \
--cc=raistlin@linux.it \
--cc=roland@redhat.com \
--cc=tglx@linutronix.de \
--cc=torbenh@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.