Subject: Re: [linux-audio-dev] new realtime scheduling policy
From: Paul Davis (paul_AT_linuxaudiosystems.com)
Date: Wed Mar 19 2003 - 16:24:39 EET
>the problem i see with it is that, for this to be useful, (ie, help
>the people for which the capsys stuff is too much trouble), it has to
>be in the kernel that comes with their distribution. but i really
>don't see this getting into the mainline kernel...though perhaps media
>friendly distros will put it in.
why do you see it this way?
if someone has already cracked security such that they can write to
(say) /proc/sys/kernel/rtuser, they already have the power to do more
or less anything to the machine. they can *already* run SCHED_FIFO
tasks, install trojans, shutdown the system, repartition and/or
overwrite the hard drive. adding the capacity to let non-root users
run SCHED_FIFO and call mlockall is already included in the set of
things they can do - the /proc file just makes it simpler.
in addition, if you add resource limits so that things can still be
killed, having user tasks running like this actually isn't much of a
problem - SCHED_FIFO and mlockall only represent a denial of service
attack if you can't kill them (as is the case at the moment).
--p
This archive was generated by hypermail 2b28 : Wed Mar 19 2003 - 16:43:47 EET