Realtime security breach
bob at coldsource.net
bob at coldsource.net
Thu Apr 5 17:05:07 UTC 2007
I have found that on the default install of a kubuntu 6.10, the function
sched_setscheduler() can be used by a normal user to get realtime
priority. With realtime priority it is possible to freeze the entire
computer with a simple while(1); code.
This does not work on a standard linux kernel (user can only set
non-realtime priority).
Is there any reason to allow normal user to access these functionnalities ?
Bob
More information about the kubuntu-users
mailing list