The security concerns you name are completely irrelevant. Any user who can execute code can hog all cores of a system, any time they want to, by starting processes that do so (unless you restrict them with something like ulimit, which works just as well on threaded processes). The kernels job is to keep the system running responsive enough so that other user processes and the system in general run well. Try running the line I sent, it'll work on a single-core system just as well. If you're running a reasonably modern version of Linux you may experience some slowdown on certain other applications, but your system should not grind to a halt, nor show real signs of unresponsiveness. That's the kernel doing its job, no reason to panic, business as usual.

So all the talk about hijacking, injecting etc. completely misses the point of a multi-user system, yes you can do all these things with threads (if you're root), just as you could with processes. But no, it isn't a problem (if it were, by your reasoning, system security would be impossible on a single-core machine). The kernel only allows you as much access as the system policy dictates, and the system administrator sets system policy. You may have a point that multi-threaded apps can make things harder for the system administrator by obscuring what they're doing, because most Linux tools are built primarily with the multi-process model in mind. But, honestly, in over a decade of sysadmining multi-user systems I have never found this to be a problem.

BTW, the nodes you link to aren't really pertinent to a discussion about threads vs. processes today, they're from 2003 (only the last one, which contains very little helpful discussion on the topic, is from 2006), a time when most people were still running Perl 5.6 and (if on Linux) a 2.4 kernel. Lots of things have changed since then, and any serious discussion on the topic would have to take these changes into account (I have no desire to hold such a debate, I find it pretty pointless).


All dogma is stupid.

In reply to Re^4: Standard way to convert timezone in multithreaded script by tirwhan
in thread Standard way to convert timezone in multithreaded script by whale2

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.