| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <470D68DA.2010803@davidnewall.com> Date: Thu, 11 Oct 2007 09:35:46 +0930 From: David Newall <david@...idnewall.com> To: Valdis.Kletnieks@...edu CC: Gustavo Chain <g@...f.cl>, linux-kernel@...r.kernel.org Subject: Re: [PATCH] Reserve N process to root Valdis.Kletnieks@...edu wrote: > What David meant was that "root will always have a slot" doesn't *actually* > help unless you *also* have a way to actually *spawn* such a process. In order > to do the ps, kill, and so on that you need to recover, you need to already > have either a root shell available, or a way to *get* a root shell that doesn't > rely on a non-root process (so /bin/su doesn't help here). That's right, although it's worse than that. You need to have a process with CAP_SYS_ADMIN. If root processes normally have that capability then the reserved slots may well disappear before you notice a problem. If root processes normally don't have it, then you need to guarantee that one is already running. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists