Date: Wed, 19 Jun 2002 14:32:42 +0100 From: "Peter Edwards" <pmedwards@eircom.net> To: hackers@freebsd.org Subject: sched_setscheduler() permissions and the linux JDK 1.4 Message-ID: <20020619133243.C258137B401@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
Hi, A couple of people have noted that the linux JDK 1.4 doesn't work for a non-root user (on -STABLE). This is caused by sched_getscheduler() (in sys/posix4/p1003_1b.c) failing for non-root users: by hacking p31b_proc() to have a "read/write" flag, and a more lenient variant of CAN_AFFECT() for read operations, my JDK works fine: but I don't feel comfortable posting patches without understanding the security ramifications more clearly The manpage for sched_getscheduler() doesn't document the permissions very well, other than to defer to POSIX 1003.1b (which I don't have a copy of, and SUSv2 is less than forthcoming) I would at least have thought that any process should at least be able to get it's own scheduling parameter, and would have thought that this was _not_ a "write-style" operation. Am I right? I was also wondering if it should be allowable for a non-root process to set their scheduling parameters: I suppose this might lead to users creating processes that could starve system processes. Should this indeed be forbidden? (There's a #if 0'ed out version of CAN_AFFECT which is much less paranoid, but there's no decent comment to describe why its even there.) Can anyone shed (or even sched :-)) light on why CAN_AFFECT is defined as it is? -- Peter Edwards To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020619133243.C258137B401>