From: Peter Williams <pwil3058@bigpond.net.au>
To: Paul Davis <paul@linuxaudiosystems.com>
Cc: "Bill Huey (hui)" <bhuey@lnxw.com>, "Jack O'Quin" <joq@io.com>,
Ingo Molnar <mingo@elte.hu>,
Nick Piggin <nickpiggin@yahoo.com.au>,
Con Kolivas <kernel@kolivas.org>,
linux <linux-kernel@vger.kernel.org>,
rlrevell@joe-job.com, CK Kernel <ck@vds.kolivas.org>,
utz <utz@s2y4n2c.de>, Andrew Morton <akpm@osdl.org>,
alexn@dsv.su.se, Rui Nuno Capela <rncbc@rncbc.org>,
Chris Wright <chrisw@osdl.org>,
Arjan van de Ven <arjanv@redhat.com>
Subject: Re: [patch, 2.6.11-rc2] sched: RLIMIT_RT_CPU_RATIO feature
Date: Thu, 03 Feb 2005 10:46:41 +1100 [thread overview]
Message-ID: <42016661.80908@bigpond.net.au> (raw)
In-Reply-To: <200502022303.j12N3nZa002055@localhost.localdomain>
Paul Davis wrote:
>>As Ingo said in an earlier a post, with a little ingenuity this problem
>>can be solved in user space. The programs in question can be setuid
>>root so that they can set RT scheduling policy BUT have their
>>permissions set so that they only executable by owner and group with the
>>group set to a group that only contains those users that have permission
>>to run this program in RT mode. If you wish to allow other users to run
>>the program but not in RT mode then you would need two copies of the
>>program: one set up as above and the other with normal permissions.
>
>
> Just a reminder: setuid root is precisely what we are attempting to
> avoid.
There's nothing wrong with using setuid root if you do it carefully and
properly. If you have the sources to the program then you can place all
the necessary safeguards in the program itself. Doing this inside the
program would allow more elaborate control over who is allowed to set RT
policy from within the program. E.g. you could have a file (owned by
root and only writable by root) in /etc with the names of the users that
have this privilege. If this file does not exist, has the wrong
privileges or the user associated with task's ruid is not in the file
then the the program immediately and irrevocably drops root privileges
otherwise it drops them temporarily and regains them when it needs to
either change policy to RT or fork another task that needs the same
privileges.
>
>
>>If you have the source code for the programs then they could be modified
>>to drop the root euid after they've changed policy. Or even do the
>
>
> This is insufficient, since they need to be able to drop RT scheduling
> and then reacquire it again later.
I believe that there are mechanisms that allow this. The setuid man
page states that a process with non root real uid but setuid as root can
use the seteuid call to use the _POSIX_SAVED_IDS mechanism to drop and
regain root privileges as required.
Peter
--
Peter Williams pwil3058@bigpond.net.au
"Learning, n. The kind of ignorance distinguishing the studious."
-- Ambrose Bierce
next prev parent reply other threads:[~2005-02-03 0:04 UTC|newest]
Thread overview: 198+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-01-19 22:39 [PATCH]sched: Isochronous class v2 for unprivileged soft rt scheduling Con Kolivas
2005-01-20 0:16 ` utz lehmann
2005-01-20 0:33 ` Con Kolivas
2005-01-20 4:26 ` utz lehmann
2005-01-20 5:55 ` Con Kolivas
2005-01-20 17:54 ` Alexander Nyberg
2005-01-20 20:27 ` Con Kolivas
2005-01-20 0:53 ` Con Kolivas
2005-01-20 1:32 ` Jack O'Quin
2005-01-20 2:06 ` Con Kolivas
2005-01-20 2:45 ` Jack O'Quin
2005-01-20 4:07 ` Con Kolivas
2005-01-20 4:57 ` Jack O'Quin
2005-01-20 5:05 ` Gene Heskett
2005-01-20 5:59 ` Con Kolivas
2005-01-20 6:35 ` Con Kolivas
2005-01-20 15:19 ` Jack O'Quin
2005-01-20 15:42 ` Paul Davis
2005-01-20 16:47 ` Jack O'Quin
2005-01-20 17:25 ` Ingo Molnar
2005-01-22 0:09 ` Jack O'Quin
2005-01-22 16:54 ` Ingo Molnar
2005-01-22 21:23 ` Jack O'Quin
2005-01-23 2:06 ` Nick Piggin
2005-01-23 2:58 ` Chris Wright
2005-01-24 8:59 ` Ingo Molnar
2005-01-24 9:55 ` Paolo Ciarrocchi
2005-01-24 10:29 ` Nick Piggin
2005-01-24 10:46 ` Ingo Molnar
2005-01-24 12:58 ` [patch, 2.6.11-rc2] sched: /proc/sys/kernel/rt_cpu_limit tunable Ingo Molnar
2005-01-24 13:34 ` Ingo Molnar
2005-01-24 13:53 ` Con Kolivas
2005-01-24 14:01 ` [ck] " Con Kolivas
[not found] ` <87k6q2umla.fsf@sulphur.joq.us>
2005-01-25 6:28 ` Nick Piggin
2005-01-25 14:12 ` Ingo Molnar
2005-01-25 8:37 ` Ingo Molnar
2005-01-25 21:36 ` Jack O'Quin
2005-01-25 21:49 ` Ingo Molnar
2005-01-25 21:55 ` Chris Wright
2005-01-25 21:57 ` Ingo Molnar
2005-01-25 22:03 ` Chris Wright
2005-01-25 22:08 ` Ingo Molnar
2005-01-25 22:16 ` Chris Wright
2005-01-25 22:44 ` Bill Rugolsky Jr.
2005-01-26 5:12 ` Jack O'Quin
2005-01-26 7:27 ` Ingo Molnar
2005-01-26 11:02 ` [patch, 2.6.11-rc2] sched: RLIMIT_RT_CPU feature, -D7 Ingo Molnar
2005-01-25 13:56 ` [patch, 2.6.11-rc2] sched: RLIMIT_RT_CPU_RATIO feature Ingo Molnar
2005-01-25 14:06 ` Con Kolivas
2005-01-25 22:18 ` Peter Williams
2005-01-25 22:26 ` Peter Williams
2005-01-26 10:08 ` [patch, 2.6.11-rc2] sched: RLIMIT_RT_CPU feature, -D7 Ingo Molnar
2005-01-26 14:22 ` Jack O'Quin
2005-01-26 16:18 ` [ck] " Cal
2005-01-26 16:29 ` Cal
2005-01-26 16:41 ` Jack O'Quin
2005-01-26 17:57 ` Cal
2005-01-26 18:57 ` Jack O'Quin
2005-01-27 2:03 ` Cal
2005-01-27 8:51 ` [patch, 2.6.11-rc2] sched: RLIMIT_RT_CPU feature, -D8 Ingo Molnar
2005-01-27 12:48 ` Cal
2005-01-27 16:31 ` Mike Galbraith
2005-01-26 21:28 ` [patch, 2.6.11-rc2] sched: RLIMIT_RT_CPU feature, -D7 Peter Williams
2005-01-26 21:44 ` Peter Williams
2005-01-26 9:20 ` [patch, 2.6.11-rc2] sched: RLIMIT_RT_CPU_RATIO feature Ingo Molnar
2005-01-31 23:03 ` Peter Williams
2005-02-01 10:11 ` [patch] sys_setpriority() euid semantics fix Ingo Molnar
2005-02-01 21:46 ` Peter Williams
2005-01-26 5:24 ` [patch, 2.6.11-rc2] sched: RLIMIT_RT_CPU_RATIO feature Jack O'Quin
2005-01-26 7:04 ` Ingo Molnar
2005-01-26 22:27 ` Jack O'Quin
2005-01-26 23:29 ` Nick Piggin
2005-01-27 2:31 ` Jack O'Quin
2005-01-27 3:26 ` Nick Piggin
2005-01-27 5:15 ` Jack O'Quin
2005-01-27 5:54 ` Nick Piggin
2005-01-27 8:35 ` Ingo Molnar
2005-01-27 8:59 ` Ingo Molnar
2005-01-27 11:35 ` Ingo Molnar
2005-02-02 5:10 ` Jack O'Quin
2005-02-02 11:10 ` Bill Huey
2005-02-02 16:44 ` Jack O'Quin
2005-02-02 21:14 ` Bill Huey
2005-02-02 21:20 ` Bill Huey
2005-02-02 21:21 ` Ingo Molnar
2005-02-02 21:34 ` Bill Huey
2005-02-02 22:59 ` Paul Davis
2005-02-03 2:46 ` Bill Huey
2005-02-03 14:20 ` Paul Davis
2005-02-03 20:19 ` Con Kolivas
2005-02-03 20:47 ` Ingo Molnar
2005-02-03 21:15 ` Paul Davis
2005-02-03 21:28 ` Ingo Molnar
2005-02-03 21:41 ` Paul Davis
2005-02-03 21:59 ` Ingo Molnar
2005-02-03 22:24 ` Paul Davis
2005-02-03 22:26 ` Ingo Molnar
2005-02-04 0:36 ` Tristan Wibberley
2005-02-03 21:48 ` Peter Williams
2005-02-04 16:41 ` Jack O'Quin
2005-02-04 21:38 ` Peter Williams
2005-02-03 21:41 ` Ingo Molnar
2005-02-03 23:01 ` Bill Huey
2005-02-11 21:27 ` Lee Revell
2005-02-02 21:54 ` Peter Williams
2005-02-02 23:03 ` Paul Davis
2005-02-02 23:46 ` Peter Williams [this message]
2005-02-03 1:13 ` Jack O'Quin
2005-02-03 3:10 ` Peter Williams
2005-02-03 3:56 ` Jack O'Quin
2005-02-03 21:36 ` Ingo Molnar
2005-02-04 0:35 ` Chris Wright
2005-02-04 17:21 ` Jack O'Quin
2005-02-03 2:54 ` Bill Huey
2005-02-03 3:25 ` Peter Williams
2005-02-02 11:37 ` Ingo Molnar
2005-02-02 16:01 ` Jack O'Quin
2005-02-02 18:59 ` Lee Revell
2005-02-02 19:31 ` Jack O'Quin
2005-02-02 20:29 ` Ingo Molnar
2005-02-02 22:45 ` Jack O'Quin
2005-02-02 20:17 ` Ingo Molnar
2005-01-27 20:01 ` Lee Revell
2005-01-28 6:38 ` Ingo Molnar
2005-01-28 8:09 ` Jack O'Quin
2005-01-28 8:08 ` Ingo Molnar
2005-01-28 8:35 ` Jack O'Quin
2005-01-28 8:40 ` Ingo Molnar
2005-01-28 9:01 ` Jack O'Quin
2005-01-28 9:11 ` Ingo Molnar
2005-01-29 0:44 ` Lee Revell
2005-01-28 9:51 ` Mike Galbraith
2005-01-28 22:16 ` Peter Williams
2005-01-28 22:19 ` Ingo Molnar
2005-01-29 7:02 ` Jack O'Quin
2005-01-31 22:29 ` Bill Davidsen
2005-02-01 0:39 ` Bill Huey
2005-01-25 5:16 ` [PATCH]sched: Isochronous class v2 for unprivileged soft rt scheduling Jack O'Quin
2005-01-25 15:09 ` Ingo Molnar
2005-01-23 20:48 ` Jack O'Quin
2005-01-23 22:57 ` Con Kolivas
2005-01-24 1:06 ` Jack O'Quin
2005-01-24 1:09 ` Con Kolivas
2005-01-24 4:45 ` Jack O'Quin
2005-01-24 4:53 ` Jack O'Quin
2005-01-24 6:28 ` Jack O'Quin
2005-01-24 6:35 ` Con Kolivas
2005-01-24 6:57 ` Jack O'Quin
2005-01-24 22:58 ` Con Kolivas
2005-01-25 3:55 ` Con Kolivas
2005-01-25 13:05 ` Con Kolivas
2005-01-25 14:38 ` Con Kolivas
2005-01-25 18:36 ` Jack O'Quin
2005-01-25 20:52 ` Rui Nuno Capela
2005-01-24 21:46 ` Con Kolivas
2005-01-23 7:38 ` Jack O'Quin
2005-01-23 7:41 ` Con Kolivas
2005-01-24 6:30 ` Jack O'Quin
2005-01-24 20:55 ` Ingo Molnar
2005-01-20 21:59 ` Peter Chubb
2005-01-21 0:30 ` Jack O'Quin
2005-01-22 14:06 ` Paul Davis
2005-01-20 17:49 ` ross
2005-01-20 19:07 ` Lee Revell
2005-01-20 23:17 ` Con Kolivas
2005-01-21 7:48 ` Ingo Molnar
2005-02-07 3:09 ` Werner Almesberger
2005-02-07 3:27 ` Jack O'Quin
2005-02-07 3:27 ` Con Kolivas
2005-01-20 9:06 ` Rui Nuno Capela
2005-01-20 17:09 ` Rui Nuno Capela
2005-01-20 19:32 ` Jack O'Quin
2005-01-21 9:18 ` Rui Nuno Capela
2005-01-21 16:23 ` Con Kolivas
2005-01-21 16:40 ` Jack O'Quin
2005-01-22 0:06 ` Con Kolivas
2005-01-22 6:18 ` Jack O'Quin
2005-01-22 6:19 ` Con Kolivas
2005-01-22 6:48 ` Con Kolivas
2005-01-22 6:50 ` Con Kolivas
2005-01-22 7:09 ` Con Kolivas
2005-01-22 20:22 ` Jack O'Quin
2005-01-23 1:02 ` Con Kolivas
2005-01-23 3:02 ` Jack O'Quin
2005-01-23 4:29 ` Con Kolivas
2005-01-23 4:46 ` Jack O'Quin
2005-01-23 4:50 ` Con Kolivas
2005-01-23 7:37 ` Mike Galbraith
2005-01-23 13:57 ` Paul Davis
2005-01-23 1:31 ` Con Kolivas
2005-01-23 1:41 ` Paul Davis
2005-01-23 1:56 ` Con Kolivas
2005-01-23 4:50 ` Jack O'Quin
2005-01-21 23:30 ` utz lehmann
2005-01-21 23:48 ` Con Kolivas
2005-01-22 0:28 ` utz lehmann
2005-01-22 3:52 ` Con Kolivas
2005-01-22 6:15 ` Jack O'Quin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=42016661.80908@bigpond.net.au \
--to=pwil3058@bigpond.net.au \
--cc=akpm@osdl.org \
--cc=alexn@dsv.su.se \
--cc=arjanv@redhat.com \
--cc=bhuey@lnxw.com \
--cc=chrisw@osdl.org \
--cc=ck@vds.kolivas.org \
--cc=joq@io.com \
--cc=kernel@kolivas.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=nickpiggin@yahoo.com.au \
--cc=paul@linuxaudiosystems.com \
--cc=rlrevell@joe-job.com \
--cc=rncbc@rncbc.org \
--cc=utz@s2y4n2c.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox