Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S262636AbVBCDLf (ORCPT ); Wed, 2 Feb 2005 22:11:35 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262549AbVBCDLa (ORCPT ); Wed, 2 Feb 2005 22:11:30 -0500 Received: from gizmo08bw.bigpond.com ([144.140.70.18]:35809 "HELO gizmo08bw.bigpond.com") by vger.kernel.org with SMTP id S262749AbVBCDKy (ORCPT ); Wed, 2 Feb 2005 22:10:54 -0500 Message-ID: <42019633.80803@bigpond.net.au> Date: Thu, 03 Feb 2005 14:10:43 +1100 From: Peter Williams User-Agent: Mozilla Thunderbird 0.9 (X11/20041127) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "Jack O'Quin" CC: Paul Davis , "Bill Huey (hui)" , Ingo Molnar , Nick Piggin , Con Kolivas , linux , rlrevell@joe-job.com, CK Kernel , utz , Andrew Morton , alexn@dsv.su.se, Rui Nuno Capela , Chris Wright , Arjan van de Ven Subject: Re: [patch, 2.6.11-rc2] sched: RLIMIT_RT_CPU_RATIO feature References: <200502022303.j12N3nZa002055@localhost.localdomain> <42016661.80908@bigpond.net.au> <87d5viigyo.fsf@sulphur.joq.us> In-Reply-To: <87d5viigyo.fsf@sulphur.joq.us> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1491 Lines: 45 Jack O'Quin wrote: > Peter Williams writes: > > >>>>If you have the source code for the programs then they could be >>>>modified to drop the root euid after they've changed policy. Or >>>>even do the > > >>Paul Davis wrote: >> >>>This is insufficient, since they need to be able to drop RT >>>scheduling and then reacquire it again later. > > >>I believe that there are mechanisms that allow this. The setuid man >>page states that a process with non root real uid but setuid as root >>can use the seteuid call to use the _POSIX_SAVED_IDS mechanism to >>drop and regain root privileges as required. > > > Which every system cracker knows. Any attack on such a program is > going to re-acquire root privileges and take over the system. > > Temporarily dropping privileges gains no security whatsoever. It is > nothing more than a coding convenience. Yes, to help avoid accidentally misusing the privileges. > The program remains *inside* > the system security perimeter. Which is why you have to be careful in writing setuid programs. Peter -- Peter Williams pwil3058@bigpond.net.au "Learning, n. The kind of ignorance distinguishing the studious." -- Ambrose Bierce - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/