[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Hacking gnumach to track parental relationship of tasks

From: Richard Braun
Subject: Re: Hacking gnumach to track parental relationship of tasks
Date: Thu, 12 Sep 2013 10:57:25 +0200
User-agent: Mutt/1.5.21 (2010-09-15)

On Thu, Sep 12, 2013 at 10:38:31AM +0200, Samuel Thibault wrote:
> Richard Braun, le Thu 12 Sep 2013 10:33:23 +0200, a écrit :
> > Then why are we discussing interposing system calls ?
> Because a malicious program can still use the trap to escape whatever
> cgroup system we are setting up.

I suggest we simply disable the trap versions... First, we don't use
them, and second, I expect the improvement margin to be very low compared
to the main performance issues we're facing currently. Finally, it
simply goes against the principle of interface virtualization.

Personally, I'm not even comfortable with having any other system call
than mach_msg, since even mach_xxx_self() could be implemented with it,
e.g. as code simply returning a special port. This would also make the
job of tracing tools much easier.

Richard Braun

reply via email to

[Prev in Thread] Current Thread [Next in Thread]