Re: Running Untrusted Code in a Restricted Process

jesse hammons (jhammons@bigteam.org)
Fri, 9 Jun 2000 18:13:59 -0400 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alan Cox: "Resend: PS/2 problem - kernel list appears broken"
Previous message: =?iso-8859-1?Q?Christoph_Br=FCninghaus?=: "[tigran@veritas.com: Re: incorrect modules.dep with 2.4.0-test1]"
In reply to: Jeff Dike: "Re: Running Untrusted Code in a Restricted Process"

> I better way to do this (IMHO) is with a dedicated sandbox arrangement. My
> user-mode port of the kernel (http://user-mode-linux.sourceforge.net) is one.
> It gives you a virtual machine whose disk space consumption, cpu consumption,
> memory comsumption, and network traffic can be completely controlled.
>
> Plus, it's all in user-space. Nothing needs to be added to the kernel at all.

That *is* probably a better way. Do you have any statistics on
resource usage? I would guess having the entire kernel in a user process
would take up several megabytes.

The advantage of sandbox code is that there is not much more overhead than
just regular process. Also the added code can mostly be a loadable
module/software device, it doesn't have to be in the kernel proper.

Imagine 10 different running untrusted code on a virtual machine. Would
that work on a machine with 128Mb? I suppose all of the code segment can
be shared among those processes, but how big is the user mode kernel data
segment?

-Jesse

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "Resend: PS/2 problem - kernel list appears broken"
Previous message: =?iso-8859-1?Q?Christoph_Br=FCninghaus?=: "[tigran@veritas.com: Re: incorrect modules.dep with 2.4.0-test1]"
In reply to: Jeff Dike: "Re: Running Untrusted Code in a Restricted Process"