John Levon <levon@xxxxxxxxxxxxxxxxx> wrote on 16/10/2006 15:21:43:
> On Mon, Oct 16, 2006 at 01:51:24PM +0200, Yaakov Yaari wrote:
>
> > The requirement to run opcontrol as a root is a known limitation of
> > oprofile. Basically, we want to keep opcontrol as a root-mode command,
> > while allowing user-mode clients to access this functionality.
>
> You still can't solve the problem of /safely/ disallowing counter
> settings that may kill the box. The minimum count reset values are
> mostly a guess not a reliable barrier to a malicious unprivileged user.
The server code accepts opcontrol commands and process them before actual
execution. It can, in principle, apply rules that will disallow counts
below a given threshold[event], or even set it to this minimum. However, I
agree that it is not a simple task to defend against malicious users in the
general case.
---
Yaakov Yaari
Code Optimization Technologies
IBM Haifa Research Lab
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
|
