Re: [patch] vsyscall feature

From: Artur Skawina (skawina@geocities.com)
Date: Wed Mar 08 2000 - 17:17:17 EST


Jamie Lokier wrote:
>
> > > It's probably possible to lie to the process for gettimeofday and signal
> > > operations though -- have the kernel unmap the page for those processes,
> >
> > [for _all_ processes, as this is supposed to be a global mapping]
>
> You can use a global mapping but have an explicit flush_tlb_page
> when switching to one of these special tasks.

i'd like to avoid this kind of special cases, they all have a cost.
We're talking about feeding a hostile process bogus data and the process
attempting countermeasures -- (hopefully) a very rare scenario in RL.
So the cost does not seem to be justified, simply turning off the
usermode-syscalls and unmapping the data globally should be ok.
(this is kind of what i'd like to do for ptrace anyway)
That way only a system that needs this feature has to pay the price.
[there might be a better solution, but i need to do some benchmarking
 first]

> Well, if it's possible in user space, we leave it to the author of that
> tricky sandbox program to solve the details :-)

hmm, i can't see a way to do this 100% transparently, not w/o further
restrictions (turning off rdtsc, artificially reducing/altering timings etc).
I don't think it's a big problem though, as long as it's possible to turn off
the information leakage.
