From: Alexey Gladkov <legion@altlinux.ru>
To: ALT Linux Team development discussions <devel@lists.altlinux.org>
Cc: ldv@altlinux.org
Subject: Re: [devel] [PATCH hasher-priv v1 1/3] Make a daemon from the hasher-priv
Date: Fri, 2 Oct 2020 01:38:05 +0200
Message-ID: <20201001233805.aqyrn4wpcqofdv2t@comp-core-i7-2640m-0182e6> (raw)
In-Reply-To: <20201001212409.GD1037402@cello>
[-- Attachment #1: Type: text/plain, Size: 1268 bytes --]
On Fri, Oct 02, 2020 at 12:24:09AM +0300, Arseny Maslennikov wrote:
> > This is done to isolate one user from
> > another. You cannot DoS the main server.
>
> So you mean resource exhaustion. What kind of resource?
I didn't mean only them. If the user finds an issue in the session server,
he will not get control of the main daemon. It is much more convenient to
isolate the command flow in a separate process.
> CPU time? A malicious client can uselessly connect to the main daemon,
> send IPC commands, get kicked, repeat.
Yes, the user can try to send a storm of requests to the main daemon, but
the answer is cheap enough. The daemon will check the list of active
sessions and if there is already a session, it will send CMD_STATUS_DONE
to the client (see start_session).
> Open FDs come to mind. It makes sense for the main daemon to close the
> client connection after the serving "session" daemon spawn and the
> response; the main daemon probably already does, it should be obvious
> from the patch.
The main server never takes FDs from the user. The main socket serves only
for opening a session. The connection is closed immediately after a
request to start or close a session (hasher-privd.c:344).
--
Rgrds, legion
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
next prev parent reply other threads:[~2020-10-01 23:38 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-13 11:42 [devel] [PATCH hasher-priv v1 0/3] " Alex Gladkov
2019-12-13 11:42 ` [devel] [PATCH hasher-priv v1 1/3] " Alex Gladkov
2020-09-17 13:10 ` Arseny Maslennikov
2020-10-01 19:43 ` Alexey Gladkov
2020-10-01 21:24 ` Arseny Maslennikov
2020-10-01 23:38 ` Alexey Gladkov [this message]
2020-09-17 13:10 ` [devel] [PATCH hasher-priv v1 1/3] *literacy* Arseny Maslennikov
2020-09-17 13:11 ` [devel] [PATCH hasher-priv v1 1/3] caller.c Arseny Maslennikov
2020-09-17 13:55 ` Arseny Maslennikov
2020-09-17 13:11 ` [devel] [PATCH hasher-priv v1 1/3] caller_server.c, caller_task.c Arseny Maslennikov
2020-10-01 19:47 ` Alexey Gladkov
2020-09-17 13:11 ` [devel] [PATCH hasher-priv v1 1/3] config.c Arseny Maslennikov
2020-09-18 10:42 ` Dmitry V. Levin
2020-09-17 13:12 ` [devel] [PATCH hasher-priv v1 1/3] hasher-privd.c Arseny Maslennikov
2020-09-17 13:12 ` [devel] [PATCH hasher-priv v1 1/3] logging.c Arseny Maslennikov
2020-09-17 13:12 ` [devel] [PATCH hasher-priv v1 1/3] Makefile Arseny Maslennikov
2020-09-17 15:09 ` Vladimir D. Seleznev
2020-09-18 10:48 ` Dmitry V. Levin
2020-09-18 10:54 ` Andrey Savchenko
2020-09-18 11:33 ` Dmitry V. Levin
2020-09-18 12:24 ` Arseny Maslennikov
2020-09-17 13:12 ` [devel] [PATCH hasher-priv v1 1/3] server.conf Arseny Maslennikov
2020-09-18 10:50 ` Dmitry V. Levin
2020-09-18 10:57 ` Arseny Maslennikov
2019-12-13 11:42 ` [devel] [PATCH hasher-priv v1 2/3] Add systemd and sysvinit service files Alex Gladkov
2020-06-17 22:31 ` Mikhail Novosyolov
2020-06-17 22:38 ` Mikhail Novosyolov
2020-06-17 22:50 ` Alexey Gladkov
2020-06-17 22:43 ` Alexey Gladkov
2020-06-17 22:53 ` Mikhail Novosyolov
2020-09-17 13:10 ` Arseny Maslennikov
2020-10-01 17:25 ` Alexey Gladkov
2020-10-01 17:50 ` Arseny Maslennikov
2019-12-13 11:42 ` [devel] [PATCH hasher-priv v1 3/3] Add cgroup support Alex Gladkov
2020-09-17 13:11 ` Arseny Maslennikov
2020-10-01 19:17 ` Alexey Gladkov
2020-10-01 20:23 ` Arseny Maslennikov
2020-10-02 0:42 ` Alexey Gladkov
2020-10-02 11:46 ` Arseny Maslennikov
2020-10-02 12:58 ` Alexey Gladkov
2019-12-15 8:50 ` [devel] [PATCH hasher-priv v1 0/3] Make a daemon from the hasher-priv Alexey Tourbin
2019-12-15 23:33 ` Andrey Savchenko
2019-12-16 9:35 ` Dmitry V. Levin
2019-12-29 11:03 ` Alexey Tourbin
2020-03-16 10:34 ` Alexey Gladkov
2020-06-17 22:01 ` Alexey Gladkov
2020-09-17 13:09 ` Arseny Maslennikov
2020-10-01 17:21 ` Alexey Gladkov
2020-10-01 17:44 ` Arseny Maslennikov
2020-10-01 20:01 ` Alexey Gladkov
2020-10-01 21:53 ` Arseny Maslennikov
2020-10-01 23:55 ` Alexey Gladkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201001233805.aqyrn4wpcqofdv2t@comp-core-i7-2640m-0182e6 \
--to=legion@altlinux.ru \
--cc=devel@lists.altlinux.org \
--cc=ldv@altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Team development discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/devel/0 devel/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 devel devel/ http://lore.altlinux.org/devel \
devel@altlinux.org devel@altlinux.ru devel@lists.altlinux.org devel@lists.altlinux.ru devel@linux.iplabs.ru mandrake-russian@linuxteam.iplabs.ru sisyphus@linuxteam.iplabs.ru
public-inbox-index devel
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.devel
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git