On Tue, Jan 26, 2010 at 11:21:56AM +0100, Josselin Mouette wrote: > Le samedi 23 janvier 2010 à 11:37 +0100, Guido Günther a écrit : > > Should this really be handled in the screensaver? The user can also kill > > other processes during boot like accounting daemons and therefore > > compromise security. The only "fix" is to disable this feature. > I fully concur. Such a “feature” should be disabled by default, and this > has to be done in the kernel packages.
The OOM killer can always be forced with normal processes as long as over-commitment is enabled. So it is never save to add security measures within processes that can be killed seperately. > I’d appreciate if we could have some input from the kernel maintainers. Someone with access to the console have several attack vectors available. Bastian -- Earth -- mother of the most beautiful women in the universe. -- Apollo, "Who Mourns for Adonais?" stardate 3468.1 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org