On Wed, Feb 21, 2007 at 10:38:49AM +0100, Marco Pesenti Gritti wrote: > On Wed, 2007-02-21 at 14:58 +0530, Joshua N Pritikin wrote: > > On Tue, Feb 20, 2007 at 05:15:19PM +0100, Marco Pesenti Gritti wrote: > > > On Tue, 2007-02-20 at 21:28 +0530, Joshua N Pritikin wrote: > > > > On Mon, Feb 19, 2007 at 01:51:07PM +0100, Marco Pesenti Gritti wrote: > > > > > Is /proc/pid/oom_adj supposed to be user writable? > > > > > > > > It needs capable(CAP_SYS_RESOURCE). Is OLPC going to employ SELinux or > > > > somesuch for Bitfrost? If not then some kind of mini-server running as > > > > root will be needed to traverse the security barrier. > > > > > > We already have that (hardwaremanager on dev.laptop.org). > > > > Can any process connect to hardwaremanager? If so, then oom_adj needs > > to be somewhere else. A malicious process could set oom_adj such that > > the next process to die is sugar. Only sugar should have access to set > > oom_adj. > > Currently any process can connect, but only sugar really needs to. I > don't see problem with limiting access.
Oh, can dbus really limit access? _______________________________________________ Sugar mailing list [email protected] http://mailman.laptop.org/mailman/listinfo/sugar
