From: "Bill Rugolsky Jr." <rugolsky@ead.dsa.com>
To: Romano Giannetti <romano@dea.icai.upco.es>, linux-kernel@vger.kernel.org
Subject: Re: Disturbing news..
Date: Wed, 28 Mar 2001 09:57:06 -0500 [thread overview]
Message-ID: <20010328095706.B834@ead50> (raw)
In-Reply-To: <20010328163244.D11584@pern.dea.icai.upco.es>; from romano@dea.icai.upco.es on Wed, Mar 28, 2001 at 04:32:44PM +0200
On Wed, Mar 28, 2001 at 04:32:44PM +0200, Romano Giannetti wrote:
> But with the new VFS semantics, wouldn't be possible for a MUA to make a
> thing like the following:
>
> spawn a process with a private namespace. Here a minimun subset of the
> "real" tree (maybe all / except /dev) is mounted readonly. The private /tmp
> and /home/user are substituted by read-write directory that are in the
> "real" tree /home/user/mua/fakehome and /home/user/mua/faketmp. In this
> private namespace, run the "untrusted" binary.
Possible and desirable. You have to turn off access to all the other
dangerous namespaces though, like socket() and shmat(), and make sure
that nosuid and devices are handled properly. Done right, the only thing
that untrusted code can do is consume a little memory, CPU, and disk,
but that's why there are limits and a scheduler. :-)
One might even want to add back limited access to those other namespaces
by implementing a filesystem interface, ala Plan-9/Inferno.
Regards,
Bill Rugolsky
next prev parent reply other threads:[~2001-03-28 14:58 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-03-27 21:29 [PATCH] mm/memory.c, 2.4.1 : memory leak with swap cache (updated) Richard Jerrell
2001-03-27 21:18 ` Rik van Riel
2001-03-27 23:10 ` Richard Jerrell
2001-03-27 22:57 ` Rik van Riel
2001-03-28 0:53 ` Ideas for the oom problem james
2001-03-28 0:52 ` Rik van Riel
2001-03-28 1:14 ` Doug Ledford
2001-03-28 3:21 ` Rik van Riel
2001-03-28 3:41 ` Doug Ledford
2001-03-28 3:53 ` Rik van Riel
2001-03-28 1:39 ` james
2001-03-28 5:52 ` Jonathan Morton
2001-03-28 6:16 ` Disturbing news Shawn Starr
2001-03-28 6:33 ` Disturbing news.. Idea Shawn Starr
2001-04-21 0:43 ` Serious Latency problems : 2.4.4-pre5 Shawn Starr
2001-03-28 7:19 ` Disturbing news Matti Aarnio
2001-03-28 7:27 ` Shawn Starr
2001-03-28 12:08 ` Jesse Pollard
2001-03-28 5:50 ` Ben Ford
2001-03-28 12:50 ` Walter Hofmann
2001-03-28 14:04 ` Simon Williams
2001-03-28 15:04 ` Olivier Galibert
2001-03-28 15:49 ` Simon Williams
2001-03-28 11:57 ` Ben Ford
2001-03-29 8:02 ` Helge Hafting
2001-03-28 17:51 ` Olivier Galibert
2001-03-28 12:53 ` Keith Owens
2001-03-28 13:00 ` Russell King
2001-03-28 14:10 ` Sean Hunter
2001-03-28 15:36 ` john slee
2001-03-28 16:18 ` Jonathan Lundell
2001-04-02 23:10 ` Dr. Kelsey Hudson
2001-03-28 17:29 ` Horst von Brand
2001-03-28 10:00 ` Helge Hafting
2001-03-28 13:25 ` Alexander Viro
2001-03-28 14:32 ` Romano Giannetti
2001-03-28 14:57 ` Bill Rugolsky Jr. [this message]
2001-03-28 14:57 ` Alexander Viro
2001-03-28 16:14 ` Romano Giannetti
2001-03-28 14:38 ` Ideas for the oom problem Hacksaw
2001-03-28 15:56 ` Andreas Rogge
2001-03-28 23:33 ` Hacksaw
2001-03-28 23:47 ` Tim Haynes
2001-03-29 0:12 ` Hacksaw
2001-03-27 21:51 ` [PATCH] mm/memory.c, 2.4.1 : memory leak with swap cache (updated) Linus Torvalds
-- strict thread matches above, loose matches on Subject: below --
2001-03-28 14:15 Disturbing news Jesse Pollard
2001-03-28 14:53 ` Russell King
2001-03-28 14:40 Jesse Pollard
2001-03-28 15:08 ` Russell King
2001-03-29 12:05 ` Walter Hofmann
2001-03-28 14:43 Jesse Pollard
2001-03-28 15:31 Jesse Pollard
2001-03-28 15:43 Jesse Pollard
2001-03-28 15:51 Jesse Pollard
2001-03-28 15:54 ` rmk
2001-03-28 21:19 ` Gerhard Mack
2001-03-29 17:10 Jesse Pollard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20010328095706.B834@ead50 \
--to=rugolsky@ead.dsa.com \
--cc=linux-kernel@vger.kernel.org \
--cc=romano@dea.icai.upco.es \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox