Re: Shared memory usage

[Valdis . Kletnieks]

On Mon, 16 Jan 2006 09:15:16 EST, "linux-os (Dick Johnson)" said:
> But the customer complained during certification testing
> that shared memory in use is not measured and therefore
> cannot be verified. This means that there may be rogue
> communications channels, using shared memory, in the
> system. I need to prove that there are no such channels
> by metering the shared memory and then accounting for
> every bit shown.

The customer is confused, and your test is broken as designed.

The fact that you look in /proc/meminfo and account for every shared
memory page *at this instant* doesn't mean there isn't a communication
channel *at some other time*. Even if you run a daemon that does nothing
but monitor this usage 10 times a second, and complain if a discrepancy
is found, it *still* won't work:

1) It's racy - 2 processes can mmap() some space during that 0.1 seconds,
transfer the info, and detach the memory without your knowledge.

2) It's racy - if you inquire *while* some other process is in some intermediate
state, causing false positives that will drive the SSO nuts.

The *proper* solution is to use something like SELinux that will flat-out
*prohibit* the attachment of a shared memory segment that isn't permitted.

Attachment: pgp00000.pgp
Description: PGP signature