Source-Changes-D archive


Re: CVS commit: src/sys/arch/x86/x86



Maxime Villard wrote:
> In the first mail, you said that it was better to have an all-or-nothing
> sysctl, which is *exactly* what I just committed.

Yes, sysctl is better than giving rdtsc to root only. But "better"
alone isn't strong enough to count me as a supporter.

> In the second one, as a reply to me, you were indeed talking about
> more granular control -- but with vdso, which we don't have, so
> it's basically not doable.

IMO, it's more important to have vdso than to control rdtsc.

> (PS: there is no point in having it done in a note section either, since
> an unpriv user can still create a binary with rdtsc enabled and side channel
> the kernel.)

Mount all user-writable partitions with noexec.

-- 
Alex

