Displaying 20 results from an estimated 22 matches for "unpriveledged".
2019 Jun 04
2
[RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted
...e guest if offered, but to allow for
>> backward-compatibility device implementations allow for it to be
>> left unset by the guest. It is an error to set both this flag and
>> VIRTIO_F_ACCESS_PLATFORM.
>
>
> OK so VIRTIO_F_ACCESS_PLATFORM is designed to allow unpriveledged
> drivers. This is why devices fail when it's not negotiated.
Just to clarify, what do you mean by unprivileged drivers? Is it drivers
implemented in guest userspace such as with VFIO? Or unprivileged in
some other sense such as needing to use bounce buffers for some reason?
> This conf...
2019 Jun 04
2
[RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted
...e guest if offered, but to allow for
>> backward-compatibility device implementations allow for it to be
>> left unset by the guest. It is an error to set both this flag and
>> VIRTIO_F_ACCESS_PLATFORM.
>
>
> OK so VIRTIO_F_ACCESS_PLATFORM is designed to allow unpriveledged
> drivers. This is why devices fail when it's not negotiated.
Just to clarify, what do you mean by unprivileged drivers? Is it drivers
implemented in guest userspace such as with VFIO? Or unprivileged in
some other sense such as needing to use bounce buffers for some reason?
> This conf...
2019 Jun 28
2
[RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted
...backward-compatibility device implementations allow for it to be
>> >> left unset by the guest. It is an error to set both this flag and
>> >> VIRTIO_F_ACCESS_PLATFORM.
>> >
>> >
>> > OK so VIRTIO_F_ACCESS_PLATFORM is designed to allow unpriveledged
>> > drivers. This is why devices fail when it's not negotiated.
>>
>> Just to clarify, what do you mean by unprivileged drivers? Is it drivers
>> implemented in guest userspace such as with VFIO? Or unprivileged in
>> some other sense such as needing to use bou...
2019 Jun 28
2
[RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted
...backward-compatibility device implementations allow for it to be
>> >> left unset by the guest. It is an error to set both this flag and
>> >> VIRTIO_F_ACCESS_PLATFORM.
>> >
>> >
>> > OK so VIRTIO_F_ACCESS_PLATFORM is designed to allow unpriveledged
>> > drivers. This is why devices fail when it's not negotiated.
>>
>> Just to clarify, what do you mean by unprivileged drivers? Is it drivers
>> implemented in guest userspace such as with VFIO? Or unprivileged in
>> some other sense such as needing to use bou...
2001 Feb 24
6
SU vs. ssh root@host
...nnot be
trusted without trusting any instructions the shell uses, from library calls
to rc scripts. Hell, the instructions the shell uses can't even be trusted,
since they're all living in userspace memory.
By contrast, SSHD is generally a root owned, highly secure environment
with no unpriveledged userspace dependancies.
So: For what possible reason would I want to su to root, or any other
account, instead of simply authenticating with the correct UID in the first
place?
What comes to mind is the concept that only certain users might be
allowed to su to root, and that by forcing t...
2019 Jul 14
3
[RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted
...;> left unset by the guest. It is an error to set both this flag and
>> >> >> VIRTIO_F_ACCESS_PLATFORM.
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > OK so VIRTIO_F_ACCESS_PLATFORM is designed to allow unpriveledged
>> >> > drivers. This is why devices fail when it's not negotiated.
>> >>
>> >> Just to clarify, what do you mean by unprivileged drivers? Is it drivers
>> >> implemented in guest userspace such as with VFIO? Or unprivileged in
>> >>...
2019 Jul 14
3
[RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted
...;> left unset by the guest. It is an error to set both this flag and
>> >> >> VIRTIO_F_ACCESS_PLATFORM.
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > OK so VIRTIO_F_ACCESS_PLATFORM is designed to allow unpriveledged
>> >> > drivers. This is why devices fail when it's not negotiated.
>> >>
>> >> Just to clarify, what do you mean by unprivileged drivers? Is it drivers
>> >> implemented in guest userspace such as with VFIO? Or unprivileged in
>> >>...
2019 May 20
0
[RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted
...flag should be set by the guest if offered, but to allow for
> backward-compatibility device implementations allow for it to be
> left unset by the guest. It is an error to set both this flag and
> VIRTIO_F_ACCESS_PLATFORM.
OK so VIRTIO_F_ACCESS_PLATFORM is designed to allow unpriveledged
drivers. This is why devices fail when it's not negotiated.
This confuses me.
If driver is unpriveledged then what happens with this flag?
It can supply any address it wants. Will that corrupt kernel
memory?
--
MST
2019 Jun 04
0
[RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted
...ow for
> >> backward-compatibility device implementations allow for it to be
> >> left unset by the guest. It is an error to set both this flag and
> >> VIRTIO_F_ACCESS_PLATFORM.
> >
> >
> > OK so VIRTIO_F_ACCESS_PLATFORM is designed to allow unpriveledged
> > drivers. This is why devices fail when it's not negotiated.
>
> Just to clarify, what do you mean by unprivileged drivers? Is it drivers
> implemented in guest userspace such as with VFIO? Or unprivileged in
> some other sense such as needing to use bounce buffers for som...
2019 Jul 15
0
[RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted
...est. It is an error to set both this flag and
> >> >> >> VIRTIO_F_ACCESS_PLATFORM.
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> > OK so VIRTIO_F_ACCESS_PLATFORM is designed to allow unpriveledged
> >> >> > drivers. This is why devices fail when it's not negotiated.
> >> >>
> >> >> Just to clarify, what do you mean by unprivileged drivers? Is it drivers
> >> >> implemented in guest userspace such as with VFIO? Or unprivileged...
2019 Jul 01
0
[RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted
...to be
> >> >> left unset by the guest. It is an error to set both this flag and
> >> >> VIRTIO_F_ACCESS_PLATFORM.
> >> >
> >> >
> >> >
> >> >
> >> > OK so VIRTIO_F_ACCESS_PLATFORM is designed to allow unpriveledged
> >> > drivers. This is why devices fail when it's not negotiated.
> >>
> >> Just to clarify, what do you mean by unprivileged drivers? Is it drivers
> >> implemented in guest userspace such as with VFIO? Or unprivileged in
> >> some other sense s...
2019 Aug 05
1
[PATCH V2 7/9] vhost: do not use RCU to synchronize MMU notifier with worker
...> > write our own version of uaccess macros. Add a "high security" flag to
> > the vhost module and if not active use these for userspace memory
> > access.
>
>
> Or using SET_BACKEND_FEATURES?
No, I don't think it's considered best practice to allow unpriveledged
userspace control over whether kernel enables security features.
> But do you mean permanent GUP as I did in
> original RFC https://lkml.org/lkml/2018/12/13/218?
>
> Thanks
Permanent GUP breaks THP and NUMA.
> >
> >
2019 Apr 17
4
[RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted
Michael S. Tsirkin <mst at redhat.com> writes:
> On Thu, Mar 21, 2019 at 09:05:04PM -0300, Thiago Jung Bauermann wrote:
>>
>> Michael S. Tsirkin <mst at redhat.com> writes:
>>
>> > On Wed, Mar 20, 2019 at 01:13:41PM -0300, Thiago Jung Bauermann wrote:
>> >> >From what I understand of the ACCESS_PLATFORM definition, the host will
>>
2019 Apr 17
4
[RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted
Michael S. Tsirkin <mst at redhat.com> writes:
> On Thu, Mar 21, 2019 at 09:05:04PM -0300, Thiago Jung Bauermann wrote:
>>
>> Michael S. Tsirkin <mst at redhat.com> writes:
>>
>> > On Wed, Mar 20, 2019 at 01:13:41PM -0300, Thiago Jung Bauermann wrote:
>> >> >From what I understand of the ACCESS_PLATFORM definition, the host will
>>
2007 Jul 03
15
Puppet as a push model
I just started digging into puppet and it looks like puppet is using a
pull model. You have a master server and clients talk to it to get
config info.
Is anyone out there using a push model? If not, why not? Are there
security reasons you would use one over the other?
It seems that cfengine also uses a push model, so I wondered if this is
a "standard" or if there are specific
1997 Feb 18
0
Abuse of the syslog facility
Any unpriveledged user can abuse the syslog facility in an interesting
way. The following example is a good one that can put misleading
information in the logs.
-------------------------------
#include <syslog.h>
void main(void){
const char *mesg1 = "hda: read_intr: status=0x59 { SeekComplete
DataRequ...
1996 Nov 14
0
Re: Re: t bit and symlinks patch
...le
creates many posible exploits.
When the translation is enabled, it is even more important than
usual to protect the directories (as well as the files) in:
- /etc tree
- /usr tree and all other sources of executables
- /tmp and other shared directories
- User''s (priveledged and unpriveledged) home directories.
dot files are now vulnerable even if they exist and have
strict permissions.
As far as implementation, I also find kernel routines which return
strings by returning pointers to statically allocated characters
to be a BAD IDEA(tm). Are these patches only inside routines...
2019 Aug 02
2
[PATCH V2 7/9] vhost: do not use RCU to synchronize MMU notifier with worker
On Fri, Aug 02, 2019 at 05:40:07PM +0800, Jason Wang wrote:
> Btw, I come up another idea, that is to disable preemption when vhost thread
> need to access the memory. Then register preempt notifier and if vhost
> thread is preempted, we're sure no one will access the memory and can do the
> cleanup.
Great, more notifiers :(
Maybe can live with
1- disable preemption while using
2019 Aug 02
2
[PATCH V2 7/9] vhost: do not use RCU to synchronize MMU notifier with worker
On Fri, Aug 02, 2019 at 05:40:07PM +0800, Jason Wang wrote:
> Btw, I come up another idea, that is to disable preemption when vhost thread
> need to access the memory. Then register preempt notifier and if vhost
> thread is preempted, we're sure no one will access the memory and can do the
> cleanup.
Great, more notifiers :(
Maybe can live with
1- disable preemption while using
2004 Aug 06
4
A few Newbie Questions
You're going to need root access. Presumably you have it if you have
control over icecast.
You could do a simple adduser. Then use your favorite editor and open up
the /etc/passwd file (again as root). You'll need to read up on what each
of the fields are, but in short you'll want to * the password
field for that new user. You'll also want to change the shell to
/bin/false.