Re: [PATCH] [request for inclusion] Realtime LSM
From: Pavel Machek
Date: Thu Mar 10 2005 - 16:27:31 EST
On Mon 07-03-05 23:30:57, Jack O'Quin wrote:
> Andrew Morton <akpm@xxxxxxxx> writes:
> > Matt Mackall <mpm@xxxxxxxxxxx> wrote:
> >> I think Chris Wright's last rlimit patch is more sensible and ready to
> >> go.
> > I must say that I like rlimits - very straightforward, although somewhat
> > awkward to use from userspace due to shortsighted shell design.
> > Does anyone have serious objections to this approach?
> 1. is likely to introduce multiuser system security holes like the one
> created recently when the mlock() rlimits bug was fixed (DoS attacks)
Default is unchanged and you claim your boxes are single-user-a-time,
> 2. requires updates to all the shells
No. Just set it during login.
> 3. forces Windows and Mac musicians to learn and understand PAM
While you force them to mess with security modules. I'd say thats and improvement.
And "understanding PAM" in this case means updating two files, adding one
line to each.
> 4. is undocumented and has never been tested in any real music studios
So write the docs and test it.
64 bytes from 22.214.171.124: icmp_seq=28 ttl=51 time=448769.1 ms
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/