Re: [PATCH 2/2] proc: Add /proc/<pid>/timerslack_ns interface

[Arjan van de Ven]

On 7/14/2016 10:45 AM, Kees Cook wrote:
> On Thu, Jul 14, 2016 at 9:09 AM, John Stultz <john.stultz@xxxxxxxxxx> wrote:
> > On Thu, Jul 14, 2016 at 5:48 AM, Serge E. Hallyn <serge@xxxxxxxxxx> wrote:
> > > Quoting Kees Cook (keescook@xxxxxxxxxxxx):
> > > > I think the original CAP_SYS_NICE should be fine. A malicious
> > > > CAP_SYS_NICE process can do plenty of insane things, I don't feel like
> > > > the timer slack adds to any realistic risks.
> > >
> > > Can someone give a detailed explanation of what you could do with
> > > the new timerslack feature and compare it to what you can do with
> > > sys_nice?
> >
> > Looking at the man page for CAP_SYS_NICE, it looks like such a task
> > can set a task as SCHED_FIFO, so they could fork some spinning
> > processes and set them all SCHED_FIFO 99, in effect delaying all other
> > tasks for an infinite amount of time.
> >
> > So one might argue setting large timerslack vlaues isn't that
> > different risk wise?
>
> Right -- you can hose a system with CAP_SYS_NICE already; I don't
> think timerslack realistically changes that.

fair enough

the worry of being able to time attack things is there already with the SCHED_FIFO
so... purist objection withdrawn in favor of the pragmatic