OOM-killer prevention for master kdeinit process
Lubos Lunak
l.lunak at suse.cz
Wed Aug 2 22:21:28 BST 2006
On Wednesday 02 August 2006 22:31, Dirk Mueller wrote:
> On Wednesday, 2. August 2006 17:07, Lubos Lunak wrote:
> > > Now, who's the setuid guru here :)? Is the attached (KDE3) patch ok?
> > > I'd prefer not to have security people going after me.
>
> I would replace the fopen etc stuff with open(). no difference, just less
> stuff to depend on.
>
> What I'm wondering though: is the oom_score adjustment inherited to fork'ed
> childs or is it noninherited?
Ah, damn, of course it is inherited :(. So the adjustment needs to be reset
right after forking. Hmm, I'm not sure we want kdeinit to stay setuid for so
long, so I guess that means another setuid helper. And I suppose that helper
will need some checks to make sure it cannot be misused? Do we have already
something similar I could base this on?
> Also, the additional gid's are not dropped
Does that mean artswrapper is wrong too? I just used that as a base. And I
don't think I really know what to fix :).
> and the uid dropping is inside an #ifdef (which might not be defined outside
> linux).
It is setuid only on Linux, see the Makefile. It could be actually moved
outside, no harm in doing that.
--
Lubos Lunak
KDE developer
---------------------------------------------------------------------
SuSE CR, s.r.o. e-mail: l.lunak at suse.cz , l.lunak at kde.org
Drahobejlova 27 tel: +420 2 9654 2373
190 00 Praha 9 fax: +420 2 9654 2374
Czech Republic http://www.suse.cz/
More information about the kde-core-devel
mailing list