Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261433AbTIZQOj (ORCPT ); Fri, 26 Sep 2003 12:14:39 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261522AbTIZQOj (ORCPT ); Fri, 26 Sep 2003 12:14:39 -0400 Received: from gaia.cela.pl ([213.134.162.11]:1286 "EHLO gaia.cela.pl") by vger.kernel.org with ESMTP id S261433AbTIZQOi (ORCPT ); Fri, 26 Sep 2003 12:14:38 -0400 Date: Fri, 26 Sep 2003 18:14:17 +0200 (CEST) From: Maciej Zenczykowski To: Ruth Ivimey-Cook cc: Ingo Molnar , Linux Kernel Mailing List Subject: Re: Syscall security In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org > >Unfortunately sometimes the data transfer through stdio can be counted in > >hundreds of MB (or even in extreme cases a couple of GB), plus it is > > Would running the process under user-mode linux help any? (I'm not sure) I think that's trying to kill a fly with a cannon. Especially since afterwards the process in UML would still need to be somehow protected from calling UML syscalls - I'm not quite sure how UML works (never really used it), but I'm assuming it will still allow getuid/gettimeofday etc syscalls. Correct me if I'm wrong _or_ if i'm misinterpreting your idea. Besides sometimes these processes are spawned in the dozens (sometimes they spawn massively with very little CPU intensity, other times very rarely but with massive CPU use) - would I then need a seperate UML kernel per spawn? and if not then how would this help? Thx, MaZe. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/