
Re: [future patch] dropping user privileges on demand



On Fri, Aug 22, 2003 at 05:40:23PM +1000, Peter Jeremy wrote:
+> Unless 'syscall' can be evaluated at compile time, this approach adds
+> overhead wherever it is used - and the overhead gets worse as the
+> number of system calls in the set increases.  A particular problem is
+> that the overhead is worst for system calls that aren't caught (in the
+> above, the overhead for open() is trivial but write() would need to go
+> through each of the tests).  A bit-vector provides constant overhead
+> but it's still fairly expensive unless the relevant parts of the vector
+> are already cached.

You are wrong.
In CerbNG, you decide in rules which syscalls should be caught and which not.
And syscalls like read(2) and write(2) are never caught, because it is
just useless. The most expensive policy in syscall catching is openssh -
it is monitoring 21 syscalls, but most policies use only a few syscalls.

Of course there is overhead, but I haven't heard of a security feature
that speeds up a system. The only thing we can do is to decrease the overhead.

-- 
Pawel Jakub Dawidek                       pawel@dawidek.net
UNIX Systems Programmer/Administrator     http://garage.freebsd.pl
Am I Evil? Yes, I Am!                     http://cerber.sourceforge.net
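
The two lookup strategies weighed in this thread, a chain of per-syscall tests and a bit-vector, shown side by side as an added example; it is not part of either message and is not CerbNG code. The syscall numbers, the 21-entry watch set and all function names are constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed values for illustration; not CerbNG's or any kernel's tables. */
enum { SC_WRITE = 4, SC_OPEN = 5, NSYSCALLS = 512 };
#define WORD_BITS (sizeof(unsigned long) * CHAR_BIT)

/* Constructed 21-entry watch set (SC_OPEN first, SC_WRITE absent). */
static const int WATCHED[21] = { 5, 9, 10, 12, 15, 16, 23, 30, 33, 56, 59,
                                 61, 79, 80, 97, 98, 104, 123, 124, 126, 127 };

struct policy {
    const int *watched;   /* list form of the watch set */
    size_t nwatched;
    unsigned long bitmap[(NSYSCALLS + WORD_BITS - 1) / WORD_BITS];
};

void policy_init(struct policy *p, const int *watched, size_t n) {
    memset(p->bitmap, 0, sizeof p->bitmap);
    p->watched = watched;
    p->nwatched = n;
    for (size_t i = 0; i < n; i++) {
        if (watched[i] < 0 || watched[i] >= NSYSCALLS) continue; /* skip bad entries */
        size_t sc = (size_t)watched[i];
        p->bitmap[sc / WORD_BITS] |= 1UL << (sc % WORD_BITS);
    }
}

/* Chain of tests: cost grows with the set and is worst for unwatched syscalls. */
int chain_match(const struct policy *p, int sc, size_t *ncmp) {
    for (size_t i = 0; i < p->nwatched; i++)
        if (p->watched[i] == sc) { *ncmp = i + 1; return 1; }
    *ncmp = p->nwatched;
    return 0;
}

/* Bit-vector: bounds check, one load, one mask, whatever the set size. */
int bitmap_match(const struct policy *p, int sc) {
    if (sc < 0 || sc >= NSYSCALLS) return 0;
    return (int)((p->bitmap[(size_t)sc / WORD_BITS] >> ((size_t)sc % WORD_BITS)) & 1UL);
}

int main(void) {
    struct policy p; size_t n;
    policy_init(&p, WATCHED, 21);
    printf("open:  hit=%d", chain_match(&p, SC_OPEN, &n));  printf(" cmp=%zu\n", n);
    printf("write: hit=%d", chain_match(&p, SC_WRITE, &n)); printf(" cmp=%zu\n", n);
    printf("bitmap open=%d write=%d\n", bitmap_match(&p, SC_OPEN), bitmap_match(&p, SC_WRITE));
    return 0;
}
```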