Re: [PATCH] [request for inclusion] Realtime LSM

From: Lee Revell
Date: Thu Jan 06 2005 - 21:40:00 EST

Next message: Alan Cox: "Linux 2.6.10-ac5"
Previous message: Jesper Juhl: "[patch] copy_to_user return value checks in drivers/isdn/hisax/config.c"
In reply to: Matt Mackall: "Re: [PATCH] [request for inclusion] Realtime LSM"
Next in thread: Jack O'Quin: "Re: [PATCH] [request for inclusion] Realtime LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2005-01-06 at 17:18 -0800, Matt Mackall wrote:
> Why can't this be done with a simple SUID helper to promote given
> tasks to RT with sched_setschedule, doing essentially all the checks
> this LSM is doing?
>
> Objections of "because it requires dangerous root or suid" don't fly,
> an RT app under user control can DoS the box trivially. Never mind you
> need root to configure the LSM anyway..

Yes but a bug in an app running as root can trash the filesystem. The
worst you can do with RT privileges is lock up the machine.

Lee

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "Linux 2.6.10-ac5"
Previous message: Jesper Juhl: "[patch] copy_to_user return value checks in drivers/isdn/hisax/config.c"
In reply to: Matt Mackall: "Re: [PATCH] [request for inclusion] Realtime LSM"
Next in thread: Jack O'Quin: "Re: [PATCH] [request for inclusion] Realtime LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]