Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 years ago.
Improve this question
I am reading a chapter Sytem Protection of operating system of Peter Baer Galvin.
Inside the chapter there is a paragraph inside a subtopic Principles of Protection which I m not able to understand .
An operating system following the principles of least privilege
implements its features, programs ,system calls, and data structures
so that failure or compromise of a component does the minimum damage
and allows the minimum damage to be done. The overflow of a buffer in
a system daemon might cause the daemon to fail, for example ,but
should not allow the execution of code from the process's stack that
would enable a remote user to gain maximum privileges and access to
the entire system (as happens too often today).
Please help me to understand this pragraph.
Basically, the developers of a hardened (inherently relatively secure) OS should follow common sense and give a non-kernel process the absolute minimal amount of access it needs to do its job. If you don't do this, then anything executing at kernel privilege level can potentially crash the system or, worse, compromise it and wreak havoc on the system's data.
Related
Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed yesterday.
Improve this question
I know it's generally considered as insecure, but it really depends on situation. I don't want to replace valid screen lock, I want to have possibility to choose based on situation. 2 sample usecases:
kids: I want to enable her to watch show, but I would like to block 'work cooperation' on any of mine projects, and I need not to have spare hw available
at secure work site: any college need not to poke at my screen, he can trivially clone/get whatever he wants, because he has same access. So I would like to lock screen against jokers who would like to write something under my name, but while helping someone I'd like progress of some process going on my screen. Ie. ANY monitoring screen, where we want to show status 24*7, but disallow unauthorized input.
I don't expect even naive hacking attempts in these usecases, so not 100% bulletproof lock is fine.
Some time ago, there was project named pyxtrlock, but it was deprecated. Is there some replacement? Or is there better way how to secure monitoring systems?
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 years ago.
Improve this question
When I first learned Linux, I was told almost everything in Linux is file. This morning, when I repeated it to my girlfriend. She asked what is not? I tried to find an example for half a day.
So my question is what is not file in Linux?
Almost. Almost everything in Posix is handled through a file descriptor. This means that the same functions used for file operations also apply for pipes, sockets, and hardware devices. This also means that if you use select (or one of its better alternatives), you can have one point in your program where you wait for all possible inputs.
With that said, some things in Posix, and in particular, in Linux, are definitely not files.
The most obvious ones are signals. They are handled asynchronously to the program's execution, and therefor cannot take on a file interface. For that purpose, pselect and one of its better alternatives were invented.
Things more subtly not files are thread synchronization constructs (mutexs, semaphores, etc.). Some attempt have been made to make those available as file descriptors as well (see signalfd and eventfd), but those hardly caught on. I believe that this is due, in large part, for them having a vastly different performance profiles than the ususal way of handling them.
for example computer hardware (CPU, RAM, Etc) is not actually a file, but it is represented as a file in linux.
More details here
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
I am just wondering how a fork bomb works, I know that there are similar questions but the answers aren't quite what I am looking for (or maybe I just haven't been able to come across one)
How does it work in terms of processes?
Do children keep being produced and then replicating themselves? is the only way to get out of it is by rebooting the system?
Are there any long lasting consequences on the system because of a fork bomb?
Thanks!
How does it work in terms of processes?
It creates so many processes that the system is not able to create any more.
Do children keep being produced and then replicating themselves?
Yes, fork in the name means replication.
is the only way to get out of it is by rebooting the system?
No, it can be stopped by some automated security measures, eg. limiting the number of processes per user.
Are there any long lasting consequences on the system because of a fork bomb?
A fork bomb itself does not change any data but can temporarily (while it runs) cause timeouts, unreachable services or OOM. A well-designed system should handle that but, well, reality may differ.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
This may be a simple question but, I heard that the only rule in working on the kernel is that you don't break "user space". So I was wondering what that means: To break user space and how does it happen?
Edit
It has been pointed out to me that this question is not suited for Stack Over Flow by #lurker so I will move it to Super User as #lurker suggests. (See below)
"Questions about general computing hardware and software are off-topic for Stack Overflow unless they directly involve tools used primarily for programming. You may be able to get help on Super User." – lurker, jww, SilentKiller
You're referring to Linus Torvald's first rule of kernel development. This note explains it: https://lkml.org/lkml/2012/12/23/75. I.e., when maintaining the kernel, do not do something which breaks user programs/applications. In other words, when making kernel changes, it is very bad to cause problems in the user's application "space". That doesn't literally mean memory. That means anything that impacts the user applications in a way that negatively affects its behavior (causes the program to malfunction). The note I cite also indicates at least one example.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
I understand that /proc/* contains directories that are actually PIDs.
I have a custom process that is killed and spawned every few minutes.
What are the chances of a PID (for example, 1009) getting reused by the custom process? (After wrapping around pid_max)
Is it likely enough to happen that my code should deal with it?
High enough that you should expect it to happen and be prepared to deal with it. The actual probability will of course depend on how often other processes are being created on your system. There is certainly no guarantee that it won't happen, though, so you must assume that it will.
"What are the odds" is a statistics question, and the answer depends on how many other processes there are, and how often they fork() and how often they exit(), so the exact answer is difficult to calculate. Anywhere between "almost impossible to happen" and "nearly guaranteed to happen every minute."
If the question is "could this happen in my lifetime and should I handle that in my code" then the answer is yes.