Re: [PATCH 12/13] hrtimer: create a "timer_slack" field in thetask struct

[Pavel Machek]

On Sun 2008-09-14 09:04:08, Ulrich Drepper wrote:
> On Sun, Sep 14, 2008 at 8:57 AM, Pavel Machek <pavel@xxxxxxx> wrote:
> >> LD_PRELOAD and other variables are ignored in security-relevant
> >> contexts and environments are cleared in many situations.  Sure, you
> >
> > ...but that's okay, right? You would not want passwd to inherit huge
> > slack specified by attacker...?
> 
> No, it's not OK.  There are enough apps which are privileged and need
> to be handled this way.  Take the X server, for instance.

_Need_ to be handled? They are not handled that way today, and it
still seems to work ok.

(Plus X is no longer setuid on new distros...)

So -- how do you prevent user from setting excessively high slack and
interfering with ping or passwd?

> > Well, it is not too much, but... is the cost for userspace really
> > significant? You'd clearly want it stored in environment, not
> > filesystem...
> 
> You cannot really use the environment for anything meaningful.
> Especially for this case, you couldn't change the setting for a
> running process.  What a fully-userlevel implementation would have

Is this important enough to warrant setting for already-running
processes? I don't think so...
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/