| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 15 Jul 2006 11:44:44 -0400 From: Lee Revell <rlrevell@...-job.com> To: Jean-Marc Valin <Jean-Marc.Valin@...erbrooke.ca> Cc: Arjan van de Ven <arjan@...radead.org>, Esben Nielsen <nielsen.esben@...glemail.com>, linux-kernel@...r.kernel.org, Ingo Molnar <mingo@...e.hu> Subject: Re: Where is RLIMIT_RT_CPU? On Sun, 2006-07-16 at 01:04 +1000, Jean-Marc Valin wrote: > > as long as you can fork and exec as many of those processes as you want > > a per process rlimit is useless security wise... an evil user just fires > > off a second process just before the first one gets killed and a non-RT > > root still is starved out. > > Of course, which is why the idea is for the limit to be global, across > all non-root users. AFAIK, that's what Ingo's original (pre-2.6.12) > patch did and also what Con Kolivas' SCHED_ISO patch does. That's also > why I think it would be very hard (if possible at all) to do this in > user space. I don't think it's a problem. If the admin does not want non-root users to be able to lock up the machine, just don't put them in the realtime group. Lee - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists