To: linux-kernel@vger.kernel.org
From: =?iso-8859-1?q?M=E5ns_Rullg=E5rd?= <mru@inprovide.com>
Subject: Re: [RFD] 'nice' attribute for executable files
Date: Fri, 01 Apr 2005 18:12:21 +0200
Message-ID: <yw1xy8c2pjbu.fsf@ford.inprovide.com>
References: <200503311556.j2VFu9Hc007903@laptop11.inf.utfsm.cl> <424D6B54.2090200@poczta.onet.pl>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Gnus/5.1006 (Gnus v5.10.6) XEmacs/21.4 (Security Through
 Obscurity, linux)
Cancel-Lock: sha1:LmX7ziEqd/IIPWkCGhjdAlBoK/U=
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1386
Lines: 29

Wiktor <victorjan@poczta.onet.pl> writes:

> Horst von Brand wrote:
>> Even better: Write a C wrapper for each affected program that just
>> renices
>> it as needed.
>
> I suggest to implement scalable solution, so the final user wont't
> have to write separate wrapper for *each* program. universal wrapper
> is better solution, but (now i know, that implementing something that
> can be dangerous if used incorrectly is so evil, that only the devil
> could have proposed it) it forces use of database (that normally would
> be kept in filesystem's file metadata)

A userspace solution could still use POSIX extended attributes.

> and if some-malicious-person would have accessed it in write mode
> (as result of wrong file permissions), the system performerance
> would be in danger. in my solution, there is per-file attribute,
> accessible only for root, and if hacker has root permissions,
> existence of nice attribute is meaningless.

You forgot something: this idea of yours needs to be implemented,
tested, and debugged.  Those things take time, and effort, and are
still of very little value.

-- 
M?ns Rullg?rd
mru@inprovide.com

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/