Richard Braun, le Thu 12 Sep 2013 10:57:25 +0200, a écrit : > On Thu, Sep 12, 2013 at 10:38:31AM +0200, Samuel Thibault wrote: > > Richard Braun, le Thu 12 Sep 2013 10:33:23 +0200, a écrit : > > > Then why are we discussing interposing system calls ? > > > > Because a malicious program can still use the trap to escape whatever > > cgroup system we are setting up. > > I suggest we simply disable the trap versions.
Ah, right. I don't have the time to dive into the details, but in the end, couldn't we switch to making task_create rather a proc RPC, rather than relying on process nicely calling the proc proc_child RPC after having created the task? proc would be doing the "kernel" task_create RPC on behalf of the process. The main proc server would actually make a kernel RPC, a sub-hurd proc server would nicely ask for it, thus not having to be root. Samuel
