From: Alexey Gladkov
To: ALT Linux Team development discussions
Cc: ldv@altlinux.org
Date: Fri, 2 Oct 2020 01:38:05 +0200
Subject: Re: [devel] [PATCH hasher-priv v1 1/3] Make a daemon from the hasher-priv
Message-ID: <20201001233805.aqyrn4wpcqofdv2t@comp-core-i7-2640m-0182e6>
In-Reply-To: <20201001212409.GD1037402@cello>

On Fri, Oct 02, 2020 at 12:24:09AM +0300, Arseny Maslennikov wrote:
> > This is done to isolate one user from
> > another. You cannot DoS the main server.
>
> So you mean resource exhaustion. What kind of resource?

I didn't mean only them. If the user finds an issue in the session server,
he will not get control of the main daemon. It is much more convenient to
isolate the command flow in a separate process.

> CPU time? A malicious client can uselessly connect to the main daemon,
> send IPC commands, get kicked, repeat.

Yes, the user can try to send a storm of requests to the main daemon, but
the answer is cheap enough. The daemon will check the list of active
sessions and if there is already a session, it will send CMD_STATUS_DONE
to the client (see start_session).

> Open FDs come to mind. It makes sense for the main daemon to close the
> client connection after the serving "session" daemon spawn and the
> response; the main daemon probably already does, it should be obvious
> from the patch.

The main server never takes FDs from the user. The main socket serves only
for opening a session. The connection is closed immediately after a
request to start or close a session (hasher-privd.c:344).

-- 
Rgrds, legion
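The cheap duplicate-request path and the close-after-reply behaviour described in this message, as an added example that is not hasher-priv's code or wire protocol. All names, status codes and the session-table layout are hypothetical, and the peer uid is assumed to be taken from kernel peer credentials rather than from client data.

```c
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical names and status codes; not hasher-priv's code or protocol. */
enum { ST_SPAWNED = 1, ST_ALREADY = 2, ST_FAILED = 3 };
#define MAX_SESSIONS 64

static uid_t sessions[MAX_SESSIONS];  /* at most one active session per uid */
static int nsessions;
static int spawn_count;               /* how often the expensive path ran */

/* Serve one request. peer_uid is assumed to come from kernel peer
 * credentials, never from data the client sent. */
int serve_request(int conn, uid_t peer_uid)
{
	unsigned char st = ST_FAILED;
	int i, found = 0;

	for (i = 0; i < nsessions; i++)
		if (sessions[i] == peer_uid)
			found = 1;
	if (found) {
		st = ST_ALREADY;              /* cheap path: a table lookup only */
	} else if (nsessions < MAX_SESSIONS) {
		sessions[nsessions++] = peer_uid;
		spawn_count++;                /* a real daemon would fork the session server here */
		st = ST_SPAWNED;
	}
	if (write(conn, &st, 1) != 1)
		st = ST_FAILED;
	close(conn);                      /* the main daemon keeps no client fd */
	return st;
}

/* One client round trip over a socketpair. Returns the status the client
 * read and reports the server-side fd number through *fd_used. */
int client_request(uid_t uid, int *fd_used)
{
	int sv[2];
	unsigned char st = 0;

	if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
		return -1;
	*fd_used = sv[0];
	serve_request(sv[0], uid);
	if (read(sv[1], &st, 1) != 1)
		st = 0;
	close(sv[1]);
	return st;
}
```

Repeating `client_request` for one uid leaves `spawn_count` at 1 and reuses the same descriptor number each time, which is the property that keeps a request storm from exhausting the main daemon's descriptors.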