From: Paul_Woegerer@mentor.com (Woegerer, Paul)
Subject: [lttng-dev] lttng enable-channel option for blocking
Date: Fri, 27 Apr 2012 13:50:11 +0200 [thread overview]
Message-ID: <4F9A87F3.5090504@mentor.com> (raw)
In-Reply-To: <20120427113321.GA6987@Krystal>
On 04/27/2012 01:33 PM, Mathieu Desnoyers wrote:
> A core difference between ulimit and user-space tracing is that ulimit
> can only be set within the environment (and access right) of the user
> running the application. System-wide tracing sessions can be initiated
> by users member of the "tracing" group -- giving them the ability to
> potentially DoS an application does not appear to me to be a good
> security practice. Thoughts ?
Hmm, how would that look in practice ? Lets assume there is the web
server which was started by an init-script in runlevel 3. How does a
user that belongs to group tracing hava a chance to DoS the already
running running web server. As far as I understand the trace session
concept every tracing user can only see (and affect) the tracing session
that he initiated. Even if the web server itself runs in a tracing
session (of user wwwrun) other tracing users wouldn't see it when they
do a "lttng list", right ?
--
Paul
--
Paul Woegerer | SW Development Engineer
Mentor Embedded(tm) | Prinz Eugen Stra?e 72/2/4, Vienna, 1040 Austria
P 43.1.535991320
Nucleus? | Linux? | Android(tm) | Services | UI | Multi-OS
Android is a trademark of Google Inc. Use of this trademark is subject to Google Permissions.
Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.
next prev parent reply other threads:[~2012-04-27 11:50 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-04-26 10:23 Woegerer, Paul
2012-04-26 21:16 ` Mathieu Desnoyers
2012-04-27 7:28 ` Woegerer, Paul
2012-04-27 11:33 ` Mathieu Desnoyers
2012-04-27 11:50 ` Woegerer, Paul [this message]
2012-04-27 12:43 ` Mathieu Desnoyers
2012-04-27 16:15 ` Woegerer, Paul
2012-04-30 14:20 ` Mathieu Desnoyers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4F9A87F3.5090504@mentor.com \
--to=paul_woegerer@mentor.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox