Upload

Loading icon Loading...

This video is unavailable.

Process Isolation for NetBSD and OpenBSD, Kristaps Dzonsons

Sign in to YouTube

Sign in with your Google Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to like bsdconferences's video.

Sign in to YouTube

Sign in with your Google Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to dislike bsdconferences's video.

Sign in to YouTube

Sign in with your Google Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to add bsdconferences's video to your playlist.

Uploaded on Apr 19, 2009

Process Isolation for NetBSD and OpenBSD, Kristaps Dzonsons

In NetBSD and OpenBSD, user-land process and process-context isolation is limited to credential cross-checks, file-system chroot and explicit systrace/kauth applications. I'll demonstrate a working mechanism of isolated process trees in branched OpenBSD-4.4 and NetBSD-5.0-beta kernels where an isolated process is started by a system call similar to fork; following that, the child process and its descendants execute in a context isolated from the caller. This system is the continued work of "mult" -- first prototyped in a branched NetBSD-3.1 kernel and isolating all system resources -- pared down to a lightweight, auditable patch of process-only separation for both OpenBSD and NetBSD. I specifically address solutions to performance issues and mechanism design with an eye toward more resources being isolated in the future.

Source: Jason Dixon

Loading icon Loading...

Loading icon Loading...

Loading icon Loading...

The interactive transcript could not be loaded.

Loading icon Loading...

Loading icon Loading...

Ratings have been disabled for this video.
Rating is available when the video has been rented.
This feature is not available right now. Please try again later.

Loading icon Loading...

Loading...
Working...
Sign in to add this to Watch Later

Add to