Re: [RFD] 'nice' attribute for executable files
From: Horst von Brand
Date: Fri Apr 01 2005 - 12:37:02 EST
Wiktor <victorjan@xxxxxxxxxxxxxx> said:
> Horst von Brand wrote:
> > Even better: Write a C wrapper for each affected program that just renices
> > it as needed.
> I suggest to implement scalable solution, so the final user wont't have
> to write separate wrapper for *each* program.
Final user doesn't. It is a job for whoever writes the program, or packages
it for a distro. If even required.
> universal wrapper is
> better solution, but (now i know, that implementing something that can
> be dangerous if used incorrectly is so evil, that only the devil could
> have proposed it) it forces use of database (that normally would be kept
> in filesystem's file metadata) and if some-malicious-person would have
> accessed it in write mode (as result of wrong file permissions), the
> system performerance would be in danger. in my solution, there is
> per-file attribute, accessible only for root, and if hacker has root
> permissions, existence of nice attribute is meaningless.
Anything like this that can be accessed by plain users (not root) is
inherently dangerous. It is for a reason that only root can increase the
priority of a process. If you allow reniceing and place some kind of limit
on it, even Aunt Tillie will run her programs with priority maxed out, and
we are back were we are today.
--
Dr. Horst H. von Brand User #22616 counter.li.org
Departamento de Informatica Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria +56 32 654239
Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/