On Tue, Jan 26, 2010 at 03:25:33PM +0100, Nico Golde wrote:
> Hey,
> * Bastian Blank <[email protected]> [2010-01-26 14:44]:
> > On Tue, Jan 26, 2010 at 11:21:56AM +0100, Josselin Mouette wrote:
> > > On Saturday 23 January 2010 at 11:37 +0100, Guido Günther wrote:
> > > > Should this really be handled in the screensaver? The user can also kill
> > > > other processes during boot like accounting daemons and therefore
> > > > compromise security. The only "fix" is to disable this feature.
> > > I fully concur. Such a "feature" should be disabled by default, and this
> > > has to be done in the kernel packages.
> >
> > The OOM killer can always be forced with normal processes as long as
> > over-commitment is enabled. So it is never safe to add security measures
> > within processes that can be killed separately.
>
> Of course but this requires either a bug in another application that can be
> used remotely or access to the system e.g. via an own account.
>
> > > I'd appreciate if we could have some input from the kernel maintainers.
> >
> > Someone with access to the console has several attack vectors
> > available.
>
> True, but this one is trivial to exploit and is also fairly easy to prevent so
> why stick with it?

I can only agree here. procps should at least get a:

    sys.kernel.sysrq = 0

Safest would be to make the kernel default to off though (the user can still
reenable this via procps) since there's otherwise still a race until
/etc/init.d/procps starts.

Cheers,
 -- Guido
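An audit check for the setting discussed in this thread, added here as an example and not part of any message or of procps. It uses the sysctl key `kernel.sysrq` (exposed as `/proc/sys/kernel/sysrq`) and the bitmask from the kernel's SysRq documentation; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Bit meanings follow the kernel's SysRq documentation: 0 = off, 1 = all
# functions on, otherwise a bitmask where 64 = signalling of processes
# (term, kill, oom-kill), the function this thread is concerned with.

# sysrq_allows_signalling VALUE
# Returns 0 if SysRq may kill processes, 1 if not, 2 if VALUE is not decimal.
sysrq_allows_signalling() {
    case "$1" in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$1" -eq 1 ] && return 0
    [ $(( $1 & 64 )) -ne 0 ]
}

# sysrq_configured_value < sysctl-style text
# Prints the last kernel.sysrq assignment on stdin (assumption: last one wins,
# so feed the files in the order your init applies them).
sysrq_configured_value() {
    sed -n 's/^[[:space:]]*kernel[./]sysrq[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' |
        tail -n 1
}

# audit_sysrq LABEL VALUE: prints a verdict, returns 0 only when safe.
audit_sysrq() {
    rc=0
    sysrq_allows_signalling "$2" || rc=$?
    case "$rc" in
        0) echo "WARN $1: kernel.sysrq=$2 allows kill/oom-kill from the keyboard"; return 1 ;;
        1) echo "OK   $1: kernel.sysrq=$2 does not allow signalling processes" ;;
        *) echo "ERR  $1: unreadable value '$2'"; return 2 ;;
    esac
}

# Constructed sample config: the second line overrides the first.
sample_conf='# constructed example
kernel.sysrq = 0
kernel.sysrq = 244'

audit_sysrq "config " "$(printf '%s\n' "$sample_conf" | sysrq_configured_value)" || true
# Runtime value, if this system exposes it; before the init script applies the
# config, this is still the kernel default (the race mentioned above).
if [ -r /proc/sys/kernel/sysrq ]; then
    audit_sysrq "runtime" "$(cat /proc/sys/kernel/sysrq)" || true
fi
```

Comparing the configured value with the runtime value early in boot shows whether the window before the init script runs is actually open on a given kernel build.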

