KDE system guard
Thiago Macieira
thiago at kde.org
Tue Oct 11 21:05:25 BST 2005
Martijn Klingens wrote:
>Under unix it's rather hard to run non-root processes with a negative
> (high priority) nice level though.
Actually, it's very simple. Except that you need one setuid-root
executable and that could bring security concerns.
All we'd need is a wrapper to call instead of ksysguard. Call it
kctrleschandler, write it in pure C, let it do a renice(2), setuid(2) and
exec(2) ksysguard, and you should be done in 10 lines.
A security review of the one-purpose no-switches executable shouldn't be
too hard. The only problem would be propagating the higher priority if
ksysguard is allowed to spawn processes, or executing something other
than ksysguard under negative nice.
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
PGP/GPG: 0x6EF45358; fingerprint:
E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
1. On frumscafte, hwonne time_t wæs náht, se scieppend þone circolwyrde
wundorcræftlíge cennede and seo eorðe wæs idel and hit wæs gód.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20051011/07091017/attachment.sig>
More information about the kde-core-devel
mailing list