[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: KAUTH_PROCESS_SCHEDULER_*AFFINITY restricted to root in default secmodel?
On Sun, Aug 28, 2011 at 01:03:14PM -0700, Jeff Rizzo wrote:
> I don't pretend to understand the security ramifications regarding
> processor affinity; I do wonder, however, whether it warrants
> requiring elevated privilege (and possible exposure via other code
> in the process which doesn't require root for normal operation) to
> prevent allowing users to pin their own code to a particular cpu by
> default. Are we sure we've made the right (default) tradeoff here?
I am pretty sure. It makes resource consumption attacks easier and
it is not hard to see how to use it to make timing attacks against
cryptographic code in other processes _much_ easier.
Main Index |
Thread Index |