Date: Wed, 19 Jun 2002 09:41:45 -0500 From: "Richard Seaman, Jr." <dick@seaman.org> To: Peter Edwards <pmedwards@eircom.net> Cc: hackers@FreeBSD.ORG Subject: Re: sched_setscheduler() permissions and the linux JDK 1.4 Message-ID: <20020619094145.H20472@seaman.org> In-Reply-To: <20020619133243.C258137B401@hub.freebsd.org>; from pmedwards@eircom.net on Wed, Jun 19, 2002 at 02:32:42PM %2B0100 References: <20020619133243.C258137B401@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jun 19, 2002 at 02:32:42PM +0100, Peter Edwards wrote: > > Hi, > A couple of people have noted that the linux JDK 1.4 doesn't work for a > non-root user (on -STABLE). This is caused by sched_getscheduler() (in > sys/posix4/p1003_1b.c) failing for non-root users: by hacking > p31b_proc() to have a "read/write" flag, and a more lenient variant of > CAN_AFFECT() for read operations, my JDK works fine: but I don't feel > comfortable posting patches without understanding the security > ramifications more clearly > > The manpage for sched_getscheduler() doesn't document the permissions > very well, other than to defer to POSIX 1003.1b (which I don't have a > copy of, and SUSv2 is less than forthcoming) > > I would at least have thought that any process should at least be able > to get it's own scheduling parameter, and would have thought that this > was _not_ a "write-style" operation. Am I right? > > I was also wondering if it should be allowable for a non-root process to > set their scheduling parameters: I suppose this might lead to users > creating processes that could starve system processes. Should this > indeed be forbidden? (There's a #if 0'ed out version of CAN_AFFECT which > is much less paranoid, but there's no decent comment to describe why its > even there.) Can anyone shed (or even sched :-)) light on why CAN_AFFECT > is defined as it is? sched_setscheduler/sched_getscheduler are broken, permission wise, in both stable and current. In stable, permissions are too unreasonably restrictive, and in current too unreasonably loose. However, the sched_XXXX functions are mostly broken anyway. -- Richard Seaman, Jr. email: dick@seaman.org 5182 N. Maple Lane phone: 262-367-5450 Nashotah WI 53058 fax: 262-367-5852 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020619094145.H20472>