[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PATCH: proc_do_stop and rpctrace
From: |
Marcus Brinkmann |
Subject: |
Re: PATCH: proc_do_stop and rpctrace |
Date: |
Sat, 9 Aug 2003 23:48:47 +0200 |
User-agent: |
Mutt/1.5.4i |
On Sat, Aug 09, 2003 at 05:33:29PM -0400, Roland McGrath wrote:
> The concern I have about this patch per se is proc calling thread_resume on
> a random port from the user. This is at least a DoS opportunity.
Oh yeah, that's true, and I admit I didn't really think of it.
> It also
> points to a more general problem rpctrace has--servers make comparisons
> between ports from the user (rpctrace) and ports outside rpctrace's sphere
> of interposition. I bet "rpctrace ln foo bar" (dir_link) gets EXDEV too.
That could be expected. This is probably unfixable.
I have mixed feelings about this. One thing is that there are lots of
problems in the Hurd like the DoS attack above. But of course that's not
really a good reason to put in another one. So if you think I should revert
the patch, I will do.
For the future, I am really working on the L4 port, and there things will be
different enough to not worry much about what would be a way to do it in
Mach.
Thanks,
Marcus
--
`Rhubarb is no Egyptian god.' GNU http://www.gnu.org address@hidden
Marcus Brinkmann The Hurd http://www.gnu.org/software/hurd/
address@hidden
http://www.marcus-brinkmann.de/