Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S262862AbVBCBMe (ORCPT ); Wed, 2 Feb 2005 20:12:34 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262844AbVBCBMd (ORCPT ); Wed, 2 Feb 2005 20:12:33 -0500 Received: from mail.joq.us ([67.65.12.105]:64747 "EHLO sulphur.joq.us") by vger.kernel.org with ESMTP id S262862AbVBCBML (ORCPT ); Wed, 2 Feb 2005 20:12:11 -0500 To: Peter Williams Cc: Paul Davis , "Bill Huey (hui)" , Ingo Molnar , Nick Piggin , Con Kolivas , linux , rlrevell@joe-job.com, CK Kernel , utz , Andrew Morton , alexn@dsv.su.se, Rui Nuno Capela , Chris Wright , Arjan van de Ven Subject: Re: [patch, 2.6.11-rc2] sched: RLIMIT_RT_CPU_RATIO feature References: <200502022303.j12N3nZa002055@localhost.localdomain> <42016661.80908@bigpond.net.au> From: "Jack O'Quin" Date: Wed, 02 Feb 2005 19:13:03 -0600 In-Reply-To: <42016661.80908@bigpond.net.au> (Peter Williams's message of "Thu, 03 Feb 2005 10:46:41 +1100") Message-ID: <87d5viigyo.fsf@sulphur.joq.us> User-Agent: Gnus/5.1006 (Gnus v5.10.6) XEmacs/21.4 (Corporate Culture, linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1149 Lines: 28 Peter Williams writes: >>> If you have the source code for the programs then they could be >>> modified to drop the root euid after they've changed policy. Or >>> even do the > Paul Davis wrote: >> This is insufficient, since they need to be able to drop RT >> scheduling and then reacquire it again later. > I believe that there are mechanisms that allow this. The setuid man > page states that a process with non root real uid but setuid as root > can use the seteuid call to use the _POSIX_SAVED_IDS mechanism to > drop and regain root privileges as required. Which every system cracker knows. Any attack on such a program is going to re-acquire root privileges and take over the system. Temporarily dropping privileges gains no security whatsoever. It is nothing more than a coding convenience. The program remains *inside* the system security perimeter. -- joq - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/