| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALAqxLWb6LaLro-dCYF1Upm1=4Dag1JfrmsxrjWhc6x-keGzkg@mail.gmail.com> Date: Thu, 14 Jul 2016 09:09:33 -0700 From: John Stultz <john.stultz@...aro.org> To: "Serge E. Hallyn" <serge@...lyn.com> Cc: Kees Cook <keescook@...omium.org>, Andrew Morton <akpm@...ux-foundation.org>, Thomas Gleixner <tglx@...utronix.de>, Arjan van de Ven <arjan@...ux.intel.com>, lkml <linux-kernel@...r.kernel.org>, Oren Laadan <orenl@...lrox.com>, Ruchi Kandoi <kandoiruchi@...gle.com>, Rom Lemarchand <romlem@...roid.com>, Android Kernel Team <kernel-team@...roid.com>, Todd Kjos <tkjos@...gle.com>, Colin Cross <ccross@...roid.com>, Nick Kralevich <nnk@...gle.com>, Dmitry Shmidt <dimitrysh@...gle.com>, Elliott Hughes <enh@...gle.com> Subject: Re: [PATCH 2/2] proc: Add /proc/<pid>/timerslack_ns interface On Thu, Jul 14, 2016 at 5:48 AM, Serge E. Hallyn <serge@...lyn.com> wrote: > Quoting Kees Cook (keescook@...omium.org): >> I think the original CAP_SYS_NICE should be fine. A malicious >> CAP_SYS_NICE process can do plenty of insane things, I don't feel like >> the timer slack adds to any realistic risks. > > Can someone give a detailed explanation of what you could do with > the new timerslack feature and compare it to what you can do with > sys_nice? Looking at the man page for CAP_SYS_NICE, it looks like such a task can set a task as SCHED_FIFO, so they could fork some spinning processes and set them all SCHED_FIFO 99, in effect delaying all other tasks for an infinite amount of time. So one might argue setting large timerslack vlaues isn't that different risk wise? thanks -john
Powered by blists - more mailing lists