KDE system guard

Thiago Macieira thiago at kde.org
Tue Oct 11 21:05:25 BST 2005

Martijn Klingens wrote:
>Under unix it's rather hard to run non-root processes with a negative
> (high priority) nice level though.

Actually, it's very simple. Except that you need one setuid-root 
executable and that could bring security concerns.

All we'd need is a wrapper to call instead of ksysguard. Call it 
kctrleschandler, write it in pure C, let it do a renice(2), setuid(2) and 
exec(2) ksysguard, and you should be done in 10 lines.

A security review of the one-purpose no-switches executable shouldn't be 
too hard. The only problem would be propagating the higher priority if 
ksysguard is allowed to spawn processes, or executing something other 
than ksysguard under negative nice.

  Thiago Macieira  -  thiago (AT) macieira.info - thiago (AT) kde.org
    PGP/GPG: 0x6EF45358; fingerprint:
    E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358

1. On frumscafte, hwonne time_t wæs náht, se scieppend þone circolwyrde 
wundorcræftlíge cennede and seo eorðe wæs idel and hit wæs gód.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20051011/07091017/attachment.sig>

More information about the kde-core-devel mailing list