[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: OOM-killer prevention for master kdeinit process
From:       Lubos Lunak <l.lunak () suse ! cz>
Date:       2006-08-02 21:21:28
Message-ID: 200608022321.28310.l.lunak () suse ! cz
[Download RAW message or body]

On Wednesday 02 August 2006 22:31, Dirk Mueller wrote:
> On Wednesday, 2. August 2006 17:07, Lubos Lunak wrote:
> > >  Now, who's the setuid guru here :)? Is the attached (KDE3) patch ok?
> > > I'd prefer not to have security people going after me.
>
> I would replace the fopen etc stuff with open(). no difference, just less
> stuff to depend on.
>
> What I'm wondering though: is the oom_score adjustment inherited to fork'ed
> childs or is it noninherited?

 Ah, damn, of course it is inherited :(. So the adjustment needs to be reset 
right after forking. Hmm, I'm not sure we want kdeinit to stay setuid for so 
long, so I guess that means another setuid helper. And I suppose that helper 
will need some checks to make sure it cannot be misused? Do we have already 
something similar I could base this on?

> Also, the additional gid's are not dropped

 Does that mean artswrapper is wrong too? I just used that as a base. And I 
don't think I really know what to fix :).

> and the uid dropping is inside an #ifdef (which might not be defined outside
> linux). 

 It is setuid only on Linux, see the Makefile. It could be actually moved 
outside, no harm in doing that.

-- 
Lubos Lunak
KDE developer
---------------------------------------------------------------------
SuSE CR, s.r.o.  e-mail: l.lunak@suse.cz , l.lunak@kde.org
Drahobejlova 27  tel: +420 2 9654 2373
190 00 Praha 9   fax: +420 2 9654 2374
Czech Republic   http://www.suse.cz/
[prev in list] [next in list] [prev in thread] [next in thread]