From: Bakul Shah <bakul+plan9@bitblocks.com>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] security questions
Date: Fri, 17 Apr 2009 11:29:53 -0700 [thread overview]
Message-ID: <20090417182953.B49D55B24@mail.bitblocks.com> (raw)
In-Reply-To: Your message of "Fri, 17 Apr 2009 08:14:12 EDT." <9ab217670904170514u621d72bfwc2ddab44c58b80c1@mail.gmail.com>
On Fri, 17 Apr 2009 08:14:12 EDT "Devon H. O'Dell" <devon.odell@gmail.com> wrote:
> 2009/4/17 erik quanstrom <quanstro@quanstro.net>:
> >> What if each user can have a separate IP stack, separate
> >> (virtualized) interfaces and so on?
> >
> > already possible, but you do need 1 physical ethernet
> > per ip stack if you want to talk to the outside world.
>
> I'm sure it wouldn't be hard to add a virtual ``physical'' interface,
> even though that seems a little bit pervasive, given the already
> semi-virtual nature due to namespaces. Not sure how much of a hassle
> it would be to make multiple stacks bindable to a single interface...
> but perhaps that's the better way to go?
You'd have to add a packet classifier of some sort. Packets
to host A get delivered to logical interface #1, host B get
delivered to #2 and so on. Going out is not a problem.
Alternatively put each virtual host on a different VLAN (if
your ethernet controller does VLANs).
> >> But you'd have to implement some sort of limits on
> >> oversubcribing (ratio of virtual to real resources). Unlike
> >> securitization in the hedge fund world.
> >
> > this would add a lot of code and result in the same problem
> > as today =97 you can be run out of a criticial resource.
>
> Oversubscribing is the root of the problem. In fact, even if it was
> already done, on a terminal server, imagmem is also set to kpages. So
> if someone found a way to blow up the kernel's draw buffer, boom. I
> don't know how far reaching that is, as I've never really seen the
> draw code.
If you are planning to open up a system to the public, then
provisioning for the peak use of your system will result in a
lot of waste (even if you had the resources to so provision).
Even your ISP uses oversubscription (probably by a factor of
100, if not more. If his upstream data pipes give him N bps,
he will give out 100N bps of total bandwidth to his
customers. If you want guaranteed bandwidth, you have to
shell out a lot more for a "gold" service level agreement).
What I meant is
a) you need to ensure that a single user can't exceed his resoucre limits,
b) enforce a sensible oversubscription limit (if you oversubscribe
by a factor of 30, don't let in the 31st concurrent user), and
c) very likely you also want to put these users in different
login classes (ala *BSD) and disallow each class to
cumulatively exceed configured resource limit (*BSD
doesn't do this) -- this is where I was thinking of CBQ.
next prev parent reply other threads:[~2009-04-17 18:29 UTC|newest]
Thread overview: 94+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-04-16 17:47 Devon H. O'Dell
2009-04-16 18:30 ` erik quanstrom
2009-04-16 19:14 ` Venkatesh Srinivas
2009-04-16 20:10 ` Devon H. O'Dell
2009-04-16 20:19 ` Devon H. O'Dell
2009-04-17 4:48 ` lucio
2009-04-17 5:03 ` Eris Discordia
2009-04-17 9:47 ` lucio
2009-04-17 10:24 ` Eris Discordia
2009-04-17 11:55 ` lucio
2009-04-17 13:08 ` Eris Discordia
2009-04-17 14:15 ` gdiaz
2009-04-17 16:39 ` lucio
[not found] ` <6FD675BC714D323BF959A53B@192.168.1.2>
2009-04-17 16:15 ` Robert Raschke
2009-04-17 20:12 ` John Barham
2009-04-17 21:40 ` blstuart
2009-04-17 16:32 ` [9fans] VMs, etc. (was: Re: security questions) blstuart
2009-04-17 17:11 ` tlaronde
2009-04-17 17:29 ` erik quanstrom
2009-04-17 18:18 ` tlaronde
2009-04-17 19:00 ` erik quanstrom
2009-04-17 18:50 ` blstuart
2009-04-17 18:31 ` blstuart
2009-04-17 18:45 ` erik quanstrom
2009-04-17 18:59 ` blstuart
2009-04-17 19:05 ` erik quanstrom
2009-04-17 20:21 ` blstuart
2009-04-18 14:54 ` erik quanstrom
2009-04-18 16:06 ` Mechiel Lukkien
2009-04-19 20:52 ` blstuart
2009-04-20 17:30 ` [9fans] VMs, etc maht
2009-04-20 17:44 ` erik quanstrom
2009-04-20 17:47 ` Devon H. O'Dell
2009-04-20 17:49 ` maht
2009-04-17 19:39 ` [9fans] VMs, etc. (was: Re: security questions) tlaronde
2009-04-17 21:25 ` blstuart
2009-04-17 21:59 ` tlaronde
2009-04-17 23:41 ` Mechiel Lukkien
2009-04-17 18:59 ` Eris Discordia
2009-04-17 21:38 ` blstuart
[not found] ` <1322FA0842063D3D53C712DC@192.168.1.2>
2009-04-17 20:07 ` J.R. Mauro
2009-04-17 19:02 ` lucio
2009-04-17 21:01 ` blstuart
2009-04-18 5:25 ` lucio
2009-04-19 20:19 ` blstuart
2009-04-17 19:16 ` [9fans] Plan9 - the next 20 years Steve Simon
2009-04-17 19:39 ` J.R. Mauro
2009-04-17 19:43 ` tlaronde
2009-04-17 19:56 ` J.R. Mauro
2009-04-17 20:14 ` Eric Van Hensbergen
2009-04-17 20:18 ` Benjamin Huntsman
2009-04-18 4:26 ` erik quanstrom
2009-04-17 20:29 ` J.R. Mauro
2009-04-18 3:56 ` erik quanstrom
2009-04-18 4:12 ` J.R. Mauro
2009-04-18 4:16 ` erik quanstrom
2009-04-18 5:51 ` J.R. Mauro
2009-04-18 12:52 ` Steve Simon
2009-04-17 20:20 ` John Barham
2009-04-16 20:51 ` [9fans] security questions erik quanstrom
2009-04-16 21:49 ` Devon H. O'Dell
2009-04-16 22:19 ` erik quanstrom
2009-04-16 23:36 ` Devon H. O'Dell
2009-04-17 0:00 ` erik quanstrom
2009-04-17 1:25 ` Devon H. O'Dell
2009-04-17 1:54 ` erik quanstrom
2009-04-17 2:17 ` Devon H. O'Dell
2009-04-17 2:23 ` erik quanstrom
2009-04-17 2:33 ` Devon H. O'Dell
2009-04-17 2:43 ` J.R. Mauro
2009-04-17 5:48 ` john
2009-04-17 5:52 ` Bruce Ellis
2009-04-17 5:52 ` andrey mirtchovski
2009-04-17 5:57 ` Bruce Ellis
2009-04-17 9:26 ` Charles Forsyth
2009-04-17 10:29 ` Steve Simon
2009-04-17 11:04 ` Mechiel Lukkien
2009-04-17 11:36 ` lucio
2009-04-17 11:40 ` lucio
2009-04-17 11:51 ` erik quanstrom
2009-04-17 12:06 ` erik quanstrom
2009-04-17 13:52 ` Steve Simon
2009-04-17 1:59 ` Russ Cox
2009-04-17 12:07 ` maht
2009-04-17 2:07 ` Bakul Shah
2009-04-17 2:19 ` Devon H. O'Dell
2009-04-17 6:33 ` Bakul Shah
2009-04-17 9:51 ` lucio
2009-04-17 11:34 ` erik quanstrom
2009-04-17 12:14 ` Devon H. O'Dell
2009-04-17 18:29 ` Bakul Shah [this message]
2009-04-17 11:59 ` Devon H. O'Dell
2009-04-17 5:06 ` Eris Discordia
2009-04-17 8:36 ` Richard Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090417182953.B49D55B24@mail.bitblocks.com \
--to=bakul+plan9@bitblocks.com \
--cc=9fans@9fans.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).