Realtime security breach
Daniel Pittman
daniel at rimspace.net
Fri Apr 6 00:54:18 UTC 2007
bob at coldsource.net writes:
> I have found that on the default install of a kubuntu 6.10, the
> function sched_setscheduler() can be used by a normal user to get
> realtime priority. With realtime priority it is possible to freeze the
> entire computer with a simple while(1); code.
>
> This does not work on a standard linux kernel (user can only set
> non-realtime priority).
>
> Is there any reason to allow normal user to access these
> functionnalities ?
Yes.
You can disable this using the standard ulimit functionality as well as,
I believe, group membership.
Regards,
Daniel
--
Digital Infrastructure Solutions -- making IT simple, stable and secure
Phone: 0401 155 707 email: contact at digital-infrastructure.com.au
http://digital-infrastructure.com.au/
More information about the kubuntu-users
mailing list