On Sun, 2005-04-10 at 19:42 -0500, Robert Shearman wrote:
You're forgetting the reason why we need the suid root binary - because allowing processes to set their priority as realtime (or otherwise very high) leaves the system open to a trivial DoS attack. Not only do the startup code paths need to be audited, but also the priority setting logic too.
Good point. But I don't think there's any way to avoid this: fundamentally anyone can write a Win32 app that requests realtime priority and then goes into an infinite loop. In order to emulate that faithfully Linux just has to budge.
It's not like it's hard to DoS a desktop Linux box anyway. Just compile winetest on it ;) <duck>