List:       kde-core-devel
Subject:    Re: About realtime rights
From:       Matthias Hoelzer-Kluepfel <mhk () caldera ! de>
Date:       2000-07-10 6:05:46

On Fri, 7 Jul 2000, Stefan Westerfeld wrote:

> more easily accessible in the future. It enables people to do medium to low
> latency tasks (such as gaming for instance) without dropouts. I'd like to get
> some feedback for this. Ultimately, I think having a suid-root install as
> default would be the best for most users. 
> 
> Currently, artswrapper does not install suid root as default, so most users
> will probably never know how to use this check box.
> 
> RISKS:
> ======
> 
> Besides the usual security risks that arise with suid-root programming, the
> following special risks exist, due to realtime rights:
> 
> (1)  a realtime process can freeze the system, by going into an infinite loop
> (2)  it can steal other people's CPU time as the timesharing is circumvented
> (3)  while bringing down a system with while(1) fork(); is usually possible,
>      doing an equivalent with all these processes having realtime rights is
>      much more efficient

I think you forgot the biggest risk: security. suid
applications are evil. period. And a server being started suid
root is _very_ evil. I don't even want to think about a suid
server having real-time priority and accepting network
connections. Scary.

One thing I wondered about for some time: is it really
necessary to run the server for the user? Couldn't there be
just one server running as root, and the user gets an
authentication token when he logs in, just like the X-server
does it? That way, it would not have to be suid root, and it
would not have to be started when the user logs in? Does artsd
already support this?


Bye,
Matthias.
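
The login-token scheme asked about above, sketched as an added example (not part of the original message and not aRts or X code; all function names are hypothetical). It goes one step beyond a plain X-style cookie by using a challenge-response, so the cookie itself never crosses the connection, and it assumes a real root daemon would also chown the cookie file to the user who is logging in.

```python
import hashlib
import hmac
import os
import secrets
import stat

COOKIE_BYTES = 16  # 128 bits, the size of an X MIT-MAGIC-COOKIE-1


def issue_cookie(path):
    """Daemon side, at login: create the user's cookie file with mode 0600."""
    cookie = secrets.token_bytes(COOKIE_BYTES)
    # O_EXCL | O_NOFOLLOW: refuse a pre-planted file or symlink at this path.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)
    with os.fdopen(fd, "wb") as f:
        os.fchmod(f.fileno(), 0o600)  # do not depend on the umask
        f.write(cookie)
    return cookie


def load_cookie(path):
    """Client side: read the cookie, refusing files other users could read."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "rb") as f:
        st = os.fstat(f.fileno())  # check the opened file, not the path
        if not stat.S_ISREG(st.st_mode) or st.st_uid != os.getuid():
            raise PermissionError("cookie file is not a regular file we own")
        if st.st_mode & 0o077:
            raise PermissionError("cookie file is accessible to group/other")
        return f.read(COOKIE_BYTES)


def new_challenge():
    """Daemon side: fresh random nonce per connection, so replies cannot be replayed."""
    return secrets.token_bytes(16)


def answer(cookie, challenge):
    """Client side: prove knowledge of the cookie without sending it."""
    return hmac.new(cookie, challenge, hashlib.sha256).digest()


def accept(cookie, challenge, response):
    """Daemon side: constant-time comparison of the expected and received reply."""
    return hmac.compare_digest(answer(cookie, challenge), response)
```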
