[lttng-dev] lttng enable-channel option for blocking

Woegerer, Paul Paul_Woegerer at mentor.com
Fri Apr 27 07:50:11 EDT 2012


On 04/27/2012 01:33 PM, Mathieu Desnoyers wrote:
> A core difference between ulimit and user-space tracing is that ulimit
> can only be set within the environment (and access right) of the user
> running the application. System-wide tracing sessions can be initiated
> by users who are members of the "tracing" group -- giving them the ability to
> potentially DoS an application does not appear to me to be a good
> security practice. Thoughts?

Hmm, how would that look in practice? Let's assume there is the web
server which was started by an init-script in runlevel 3. How does a
user that belongs to group tracing have a chance to DoS the already
running web server? As far as I understand the trace session
concept, every tracing user can only see (and affect) the tracing session
that he initiated. Even if the web server itself runs in a tracing
session (of user wwwrun), other tracing users wouldn't see it when they
do a "lttng list", right?

--
Paul

-- 
Paul Woegerer | SW Development Engineer
Mentor Embedded(tm) | Prinz Eugen Straße 72/2/4, Vienna, 1040 Austria
P 43.1.535991320
Nucleus® | Linux® | Android(tm) | Services | UI | Multi-OS
