Helping out friends
The receptionist and the remaining sysadmin were both friends: I wasn't about to leave them in the lurch. Both had left a few months later.
Yes, it is a change of semantics. Previously you could find out if someone had recently been looking at, say, /usr/share/dict/words but with the patch you can’t. You can only find out if a file is mapped by a process.
In practice this is not likely to be a big deal: mincore(2) is not exactly heavily used. You can still use mincore(2) to find out if some shared library, for example, is in use because it is mapped. You can’t know whether the pages behind the map are resident or not.
Linux now has a patch: 574823bfab82 ("Change mincore() to count "mapped" pages rather than "cached" pages")
It changes the semantics of mincore(2) to report mapped pages rather than present pages, which means that you can no longer use that to determine if a file is present in the cache. You might still be able to mount a timing attack by flushing pages and measuring how long it takes to load the page to determine whether it was present before you loaded it. Whether that makes the attack infeasibly slow I wouldn't like to say.
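For checking what a given kernel's mincore(2) actually reports for a file, here is an added example (not part of the comments above or of the kernel patch) that maps a file read-only and counts the pages mincore flags. The function name `mincore_report` is chosen here; going by the comments, the count reflects cached pages before the patch and mapped pages after it.

```c
/* Added example: count the pages of a file that mincore(2) flags
 * once the file is mapped read-only by this process. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE                 /* expose mincore() in glibc */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns the number of flagged pages, or -1 on error; *total receives the
 * page count of the mapping. mincore_report is a name chosen for this example. */
long mincore_report(const char *path, long *total)
{
    long flagged = -1, psize = sysconf(_SC_PAGESIZE);
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    if (fstat(fd, &st) < 0) { close(fd); return -1; }
    *total = (st.st_size + psize - 1) / psize;
    if (*total == 0) { close(fd); return 0; }   /* empty file: nothing to map */

    void *map = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0);
    close(fd);                                   /* the mapping stays valid */
    if (map == MAP_FAILED) return -1;

    unsigned char *vec = malloc(*total);         /* one status byte per page */
    if (vec && mincore(map, st.st_size, vec) == 0) {
        flagged = 0;
        for (long i = 0; i < *total; i++)
            flagged += vec[i] & 1;               /* only bit 0 is defined */
    }
    free(vec);
    munmap(map, st.st_size);
    return flagged;
}

int main(int argc, char **argv)
{
    long total = 0, n;
    if (argc != 2) { fprintf(stderr, "usage: %s FILE\n", argv[0]); return 2; }
    n = mincore_report(argv[1], &total);
    if (n < 0) { perror("mincore_report"); return 1; }
    printf("%ld of %ld pages flagged by mincore\n", n, total);
    return 0;
}
```

Running it against the same file on two kernels, or before and after a kernel update, shows whether the reported count still tracks the page cache.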
I do this regularly. I kick off a long-running compile, for example, then I log out because I'm going home and I'm not going to be logged in.
People have worked like this for a long time and now systemd comes along and says, no you can't do that, you must stay at work until 10pm watching your long running build run.
What struck me as especially stupid was the comment that perhaps system users should be exempt from that policy. What's a system user? The user created for that application software you just installed? You're not retrospectively insisting that application software should have its user's uid < 1000 but those uids are informally reserved for system use, not application use.
systemd needs a dose of real-life -- forcing your own desktop world view on everyone is preternaturally arrogant and stupid.