On Tue, Jan 09, 2018 at 03:07:07PM -0600, Eric W. Biederman wrote:
> > In fact that's what I liked with the wrapper approach, except that it
> > had the downside of being harder to manage in terms of administration
> > and we'd risk to see it used everywhere by default. The arch_prctl()
> > approac
Willy Tarreau writes:
> Hi Eric,
>
> On Tue, Jan 09, 2018 at 09:31:27AM -0600, Eric W. Biederman wrote:
>> The dangerous scenario is someone exploting a buffer overflow, or
>> otherwise getting a network facing application to misbehave, and then
>> using these new attacks to assist in gaining pri
Is is possible to put per-task PTI control interface into cgroup or
other interfaces? Enabling/disabling per-task PTI should be a decision
from the system administrator not the application itself.
On 2018/1/9 18:02, Willy Tarreau wrote:
Hi Eric,
On Tue, Jan 09, 2018 at 09:31:27AM -0600, Eric
Hi Eric,
On Tue, Jan 09, 2018 at 09:31:27AM -0600, Eric W. Biederman wrote:
> The dangerous scenario is someone exploting a buffer overflow, or
> otherwise getting a network facing application to misbehave, and then
> using these new attacks to assist in gaining privilege escalation.
For most use
Willy Tarreau writes:
> Hi!
>
> I could experiment a bit with the possibility to enable/disable PTI per
> task. Please keep in mind that it's not my area of experitise at all, but
> doing so I could recover the initial performance without disabling PTI on
> the whole system.
>
> So what I did in
On 01/08/2018 09:06 AM, Willy Tarreau wrote:
> On Mon, Jan 08, 2018 at 08:59:54AM -0800, Dave Hansen wrote:
>> On 01/08/2018 08:12 AM, Willy Tarreau wrote:
>>> I could experiment a bit with the possibility to enable/disable PTI per
>>> task. Please keep in mind that it's not my area of experitise a
* Dave Hansen wrote:
> On 01/08/2018 08:12 AM, Willy Tarreau wrote:
> > I could experiment a bit with the possibility to enable/disable PTI per
> > task. Please keep in mind that it's not my area of experitise at all, but
> > doing so I could recover the initial performance without disabling PTI
On Mon, Jan 08, 2018 at 08:59:54AM -0800, Dave Hansen wrote:
> On 01/08/2018 08:12 AM, Willy Tarreau wrote:
> > I could experiment a bit with the possibility to enable/disable PTI per
> > task. Please keep in mind that it's not my area of experitise at all, but
> > doing so I could recover the init
On 01/08/2018 08:12 AM, Willy Tarreau wrote:
> I could experiment a bit with the possibility to enable/disable PTI per
> task. Please keep in mind that it's not my area of experitise at all, but
> doing so I could recover the initial performance without disabling PTI on
> the whole system.
This cc
Hi!
I could experiment a bit with the possibility to enable/disable PTI per
task. Please keep in mind that it's not my area of experitise at all, but
doing so I could recover the initial performance without disabling PTI on
the whole system.
So what I did in this series consists in the following
10 matches
Mail list logo
