
List:       kde-core-devel
Subject:    About realtime rights
From:       Stefan Westerfeld <stefan () space ! twc ! de>
Date:       2000-07-07 10:31:07

   Hi!

I'd like to have the option

 ( ) Run soundserver with realtime priority

more easily accessible in the future. It enables people to do medium to low
latency tasks (such as gaming for instance) without dropouts. I'd like to get
some feedback for this. Ultimately, I think having a suid-root install as
default would be the best for most users. 

Currently, artswrapper does not install suid root as default, so most users
will probably never know how to use this check box.

RISKS:
======

Besides the usual security risks that arise with suid-root programming, the
following special risks exist, due to realtime rights:

(1)  a realtime process can freeze the system, by going into an infinite loop
(2)  it can steal other people's CPU time as the timesharing is circumvented
(3)  while bringing down a system with while(1) fork(); is usually possible,
     doing an equivalent with all these processes having realtime rights is
     much more efficient

PROTECTION:
===========

(a) It is possible to protect against (1), by writing the suid program that
    gives the realtime rights in a way that it watches the program it gave
    the rights to, and removes them again, if it misbehaves.

(b) One can offer a bit of protection against (2) and (3), if one could
    effectively ensure that only artsd will receive the realtime rights, and
    no other program.


I have an implementation for (a) ready, called realtime_set. It works like
realtime_set <pid> and gives the process realtime rights.

On the other hand, I am not very happy with the current CVS way to ensure (b).
artswrapper does it like this:

* exec'ing artsd itself - so it knows what it calls
* having a path to artsd compiled into the artswrapper binary
* if artsd is installed in /foo/bar/artsd, it checks that /, /foo, /foo/bar and
  /foo/bar/artsd are owned by root, so it can hope that it couldn't be modified
  by anyone

All this checking behaviour isn't very comfortable for the user, so I'd rather
have a more elegant way (if one exists), or no checking at all, as in realtime_set.

CODE:
=====

 * artswrapper    CVS, kdelibs/arts/soundserver/artswrapper.c
 * realtime_set   http://space.twc.de/~stefan/kde/download/realtime_set.c

I am currently a bit afraid of merging both, as it would result in a probably
harder to understand (and harder to audit) program. But certainly, if
everybody thinks that we need the features of both, I could do so, as it is the
only way I know to achieve this.

Any feedback highly appreciated! ;)

   Cu... Stefan
-- 
  -* Stefan Westerfeld, stefan@space.twc.de (PGP!), Hamburg/Germany
     KDE Developer, project infos at http://space.twc.de/~stefan/kde *-         
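An added example of the watchdog idea in protection (a), written for this page and not the realtime_set or artswrapper code linked above: a Linux helper that grants SCHED_FIFO to a pid, samples its CPU ticks from /proc/<pid>/stat once a second, and reverts it to SCHED_OTHER once it burns more than 90% of a window (a runaway loop). The function names, the 90% limit and the sample stat line are assumptions constructed for the example.

```c
/* Added example of protection (a): give a pid realtime priority, watch its
 * CPU use via /proc/<pid>/stat, and take the priority back if it runs away.
 * Linux only; needs privilege to change another process's scheduler. */
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* utime+stime (fields 14 and 15, clock ticks) from one /proc/<pid>/stat line;
 * scan after the last ')' because comm may contain spaces. Returns -1 if bad. */
long cpu_ticks_from_stat(const char *line) {
    const char *p = strrchr(line, ')');
    unsigned long utime, stime;
    if (!p || sscanf(p + 1, " %*c %*d %*d %*d %*d %*d %*u %*u %*u %*u %*u %lu %lu",
                     &utime, &stime) != 2)
        return -1;
    return (long)(utime + stime);
}

/* Policy: runaway if the process consumed more than max_percent of the window. */
int is_runaway(long before, long after, long window_ticks, int max_percent) {
    if (window_ticks <= 0 || after < before) return 0;
    return (after - before) * 100 > window_ticks * max_percent;
}

/* Constructed sample line (utime 7, stime 3), not captured from a real host. */
static const char sample_stat[] =
    "1234 (artsd) S 1 1234 1234 0 -1 4194304 500 0 0 0 7 3 0 0 20 0 1 0 99 1024 30";

int main(int argc, char **argv) {
    if (argc != 2) { fprintf(stderr, "usage: %s <pid>\n", argv[0]); return 1; }
    pid_t pid = (pid_t)atoi(argv[1]);
    struct sched_param rt = { .sched_priority = 50 }, normal = { .sched_priority = 0 };
    char path[64], line[512];
    long hz = sysconf(_SC_CLK_TCK), last = -1, now;
    if (sched_setscheduler(pid, SCHED_FIFO, &rt) != 0) { perror("sched_setscheduler"); return 1; }
    snprintf(path, sizeof path, "/proc/%d/stat", (int)pid);
    for (;;) {                                     /* sample once per second */
        sleep(1);
        FILE *f = fopen(path, "r");
        if (!f || !fgets(line, sizeof line, f)) { if (f) fclose(f); return 0; }  /* target exited */
        fclose(f);
        now = cpu_ticks_from_stat(line);
        if (last >= 0 && is_runaway(last, now, hz, 90)) {
            sched_setscheduler(pid, SCHED_OTHER, &normal);   /* revoke realtime rights */
            return 2;
        }
        last = now;
    }
}
```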

