Re: [patch, 2.6.11-rc2] sched: RLIMIT_RT_CPU_RATIO feature

From: Jack O'Quin
Date: Wed Feb 02 2005 - 22:58:55 EST

Next message: IWAMOTO Toshihiro: "[RFC] Changing COW detection to be memory hotplug friendly"
Previous message: Ethan Weinstein: "e1000, sshd, and the infamous "Corrupted MAC on input""
In reply to: Peter Williams: "Re: [patch, 2.6.11-rc2] sched: RLIMIT_RT_CPU_RATIO feature"
Next in thread: Ingo Molnar: "Re: [patch, 2.6.11-rc2] sched: RLIMIT_RT_CPU_RATIO feature"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Jack O'Quin wrote:
>> Temporarily dropping privileges gains no security whatsoever. It is
>> nothing more than a coding convenience.

Peter Williams <pwil3058@xxxxxxxxxxxxxx> writes:
> Yes, to help avoid accidentally misusing the privileges.

>> The program remains *inside* the system security perimeter.
>
> Which is why you have to be careful in writing setuid programs.

Which is why I'd rather not run an inherently insecure program like
jackd with root privileges.

I can live with a cracker crashing my audio workstation with a DoS
attack using realtime privileges. I'll just have to reboot. But, I
do not want him turning my mail server into a spam relay.
--
joq
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: IWAMOTO Toshihiro: "[RFC] Changing COW detection to be memory hotplug friendly"
Previous message: Ethan Weinstein: "e1000, sshd, and the infamous "Corrupted MAC on input""
In reply to: Peter Williams: "Re: [patch, 2.6.11-rc2] sched: RLIMIT_RT_CPU_RATIO feature"
Next in thread: Ingo Molnar: "Re: [patch, 2.6.11-rc2] sched: RLIMIT_RT_CPU_RATIO feature"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]