From: Pavel Machek <pavel@suse.cz>
To: Ulrich Drepper <drepper@gmail.com>
Cc: Arjan van de Ven <arjan@infradead.org>,
linux-kernel@vger.kernel.org, torvalds@linux-foundation.org,
dwmw2@infradead.org, drepper@redhat.com, mingo@elte.hu,
tglx@tglx.de
Subject: Re: [PATCH 12/13] hrtimer: create a "timer_slack" field in the task struct
Date: Wed, 17 Sep 2008 09:42:06 +0200 [thread overview]
Message-ID: <20080917074206.GF2659@elf.ucw.cz> (raw)
In-Reply-To: <a36005b50809140904h690d00b0sa66f166a64850114@mail.gmail.com>
On Sun 2008-09-14 09:04:08, Ulrich Drepper wrote:
> On Sun, Sep 14, 2008 at 8:57 AM, Pavel Machek <pavel@suse.cz> wrote:
> >> LD_PRELOAD and other variables are ignored in security-relevant
> >> contexts and environments are cleared in many situations. Sure, you
> >
> > ...but that's okay, right? You would not want passwd to inherit huge
> > slack specified by attacker...?
>
> No, it's not OK. There are enough apps which are privileged and need
> to be handled this way. Take the X server, for instance.
_Need_ to be handled? They are not handled that way today, and it
still seems to work ok.
(Plus X is no longer setuid on new distros...)
So -- how do you prevent user from setting excessively high slack and
interfering with ping or passwd?
> > Well, it is not too much, but... is the cost for userspace really
> > significant? You'd clearly want it stored in environment, not
> > filesystem...
>
> You cannot really use the environment for anything meaningful.
> Especially for this case, you couldn't change the setting for a
> running process. What a fully-userlevel implementation would have
Is this important enough to warrant setting for already-running
processes? I don't think so...
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
next prev parent reply other threads:[~2008-09-17 7:40 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-09-01 23:03 [PATCH 0/13] Turn hrtimers into a range capable timer Arjan van de Ven
2008-09-01 23:05 ` [PATCH 1/13] hrtimer: add abstraction functions for accessing the "expires" member Arjan van de Ven
2008-09-01 23:05 ` [PATCH 2/13] hrtimer: convert kvm to the new hrtimer apis Arjan van de Ven
2008-09-01 23:06 ` [PATCH 3/13] hrtimer: convert timerfd " Arjan van de Ven
2008-09-01 23:07 ` [PATCH 4/13] hrtimer: convert net::sched_cbq " Arjan van de Ven
2008-09-01 23:08 ` [PATCH 5/13] hrtimer: convert kernel/* " Arjan van de Ven
2008-09-01 23:09 ` [PATCH 6/13] hrtimer: convert powerpc/oprofile " Arjan van de Ven
2008-09-01 23:09 ` [PATCH 7/13] hrtimer: convert kvm-ia64 " Arjan van de Ven
2008-09-01 23:10 ` [PATCH 8/13] hrtimer: convert s390 " Arjan van de Ven
2008-09-01 23:11 ` [PATCH 9/13] hrtimer: convert sound/ " Arjan van de Ven
2008-09-01 23:12 ` [PATCH 10/13] hrtimer: rename the "expires" struct member to avoid accidental usage Arjan van de Ven
2008-09-01 23:12 ` Arjan van de Ven
2008-09-01 23:13 ` [PATCH 11/13] hrtimer: turn hrtimers into range timers Arjan van de Ven
2008-09-02 8:22 ` Peter Zijlstra
2008-09-02 11:08 ` Peter Zijlstra
2008-09-02 11:15 ` Peter Zijlstra
2008-09-02 13:06 ` Arjan van de Ven
2008-09-02 13:05 ` Arjan van de Ven
2008-09-02 13:47 ` Peter Zijlstra
2008-09-02 16:02 ` Arjan van de Ven
2008-09-01 23:14 ` [PATCH 12/13] hrtimer: create a "timer_slack" field in the task struct Arjan van de Ven
2008-09-02 10:04 ` Pavel Machek
2008-09-02 13:03 ` Arjan van de Ven
2008-09-08 13:27 ` Pavel Machek
2008-09-08 13:40 ` Arjan van de Ven
2008-09-08 14:15 ` Pavel Machek
2008-09-08 14:22 ` Arjan van de Ven
2008-09-13 16:24 ` Pavel Machek
2008-09-14 15:21 ` Ulrich Drepper
2008-09-14 15:27 ` Arjan van de Ven
2008-09-14 15:57 ` Pavel Machek
2008-09-14 16:04 ` Ulrich Drepper
2008-09-14 16:14 ` Arjan van de Ven
2008-09-17 7:42 ` Pavel Machek [this message]
2008-09-30 5:16 ` KOSAKI Motohiro
2008-09-30 8:28 ` Arjan van de Ven
2008-09-30 8:54 ` KOSAKI Motohiro
2008-09-01 23:14 ` [PATCH 13/13] hrtimer: make select() and poll() use the hrtimer range feature Arjan van de Ven
2008-09-02 8:22 ` Peter Zijlstra
2008-09-02 16:03 ` Arjan van de Ven
2008-09-06 14:56 ` [PATCH 0/13] Turn hrtimers into a range capable timer Ingo Molnar
2008-09-06 16:30 ` Arjan van de Ven
2008-09-06 16:33 ` Ingo Molnar
2008-09-12 3:39 ` Rusty Russell
2008-09-12 5:42 ` Arjan van de Ven
2008-09-12 20:24 ` Thomas Gleixner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080917074206.GF2659@elf.ucw.cz \
--to=pavel@suse.cz \
--cc=arjan@infradead.org \
--cc=drepper@gmail.com \
--cc=drepper@redhat.com \
--cc=dwmw2@infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=tglx@tglx.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.