From mboxrd@z Thu Jan 1 00:00:00 1970 From: Paul_Woegerer@mentor.com (Woegerer, Paul) Date: Fri, 27 Apr 2012 13:50:11 +0200 Subject: [lttng-dev] lttng enable-channel option for blocking In-Reply-To: <20120427113321.GA6987@Krystal> References: <4F992213.2090103@mentor.com> <20120426211627.GB1646@Krystal> <4F9A4A91.7090102@mentor.com> <20120427113321.GA6987@Krystal> Message-ID: <4F9A87F3.5090504@mentor.com> On 04/27/2012 01:33 PM, Mathieu Desnoyers wrote: > A core difference between ulimit and user-space tracing is that ulimit > can only be set within the environment (and access right) of the user > running the application. System-wide tracing sessions can be initiated > by users member of the "tracing" group -- giving them the ability to > potentially DoS an application does not appear to me to be a good > security practice. Thoughts ? Hmm, how would that look in practice ? Lets assume there is the web server which was started by an init-script in runlevel 3. How does a user that belongs to group tracing hava a chance to DoS the already running running web server. As far as I understand the trace session concept every tracing user can only see (and affect) the tracing session that he initiated. Even if the web server itself runs in a tracing session (of user wwwrun) other tracing users wouldn't see it when they do a "lttng list", right ? -- Paul -- Paul Woegerer | SW Development Engineer Mentor Embedded(tm) | Prinz Eugen Stra?e 72/2/4, Vienna, 1040 Austria P 43.1.535991320 Nucleus? | Linux? | Android(tm) | Services | UI | Multi-OS Android is a trademark of Google Inc. Use of this trademark is subject to Google Permissions. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.