Re: [patch, 2.6.11-rc2] sched: RLIMIT_RT_CPU_RATIO feature

[Peter Williams]

Jack O'Quin wrote:
> Peter Williams <pwil3058@xxxxxxxxxxxxxx> writes:
>
>
> > > > If you have the source code for the programs then they could be
> > > > modified to drop the root euid after they've changed policy.  Or
> > > > even do the
>
>
> > Paul Davis wrote:
> >
> > > This is insufficient, since they need to be able to drop RT
> > > scheduling and then reacquire it again later.
>
>
> > I believe that there are mechanisms that allow this.  The setuid man
> > page states that a process with non root real uid but setuid as root
> > can use the seteuid call to use the _POSIX_SAVED_IDS mechanism to
> > drop and regain root privileges as required.
>
>
> Which every system cracker knows.  Any attack on such a program is
> going to re-acquire root privileges and take over the system.
>
> Temporarily dropping privileges gains no security whatsoever.  It is
> nothing more than a coding convenience.

Yes, to help avoid accidentally misusing the privileges.

> The program remains *inside*
> the system security perimeter.

Which is why you have to be careful in writing setuid programs.

Peter
--
Peter Williams                                   pwil3058@xxxxxxxxxxxxxx

"Learning, n. The kind of ignorance distinguishing the studious."
 -- Ambrose Bierce
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/