[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: L4-Hurd; denial of service in the memory architecture
|
From: |
Niels Möller |
|
Subject: |
Re: L4-Hurd; denial of service in the memory architecture |
|
Date: |
19 Jan 2004 23:24:25 +0100 |
|
User-agent: |
Gnus/5.09 (Gnus v5.9.0) Emacs/21.2 |
"Christopher Nelson" <address@hidden> writes:
> A container\_t is, for all intents and purposes, a hurd\_cap\_t. If a
> container is shared with another task, the second task may allocate
> frames which count against the container's owner's total allocated
> pages. This must be used with care.
>
>
> ---------
>
> This sounds like a denial of service attack waiting to happen. There
> should be a way to forbid another task from using this capability
> against the owner. Has more thought been given to this scenario yet?
I think the word "share" is used in two different meanings. I also
found that a little confusing when I read it. This is how I understand
it:
If you copy the container capability to another task, that task can
allocate pages into the container. So don't do that with tasks you
don't trust. But the normal way of "sharing" means that the owner
allocates some pages, and lets another task *access* the pages. Then
the other task is not allowed to add any new pages pages into the
container.
/Niels