Re: kern/37986: any user can hog the all cpu with _sched_setparam.

To: yamt%mwd.biglobe.ne.jp@localhost, elad%netbsd.org@localhost
Subject: Re: kern/37986: any user can hog the all cpu with _sched_setparam.
From: "Mindaugas R." <rmind%NetBSD.org@localhost>
Date: Sun, 10 Feb 2008 13:29:32 +0000

> >Environment:
> >Description:
>       any user can hog the all cpu with _sched_setparam.
> >How-To-Repeat:
>       
> >Fix:
>       - pass neccessary info to kauth_authorize_foo.

What is not passed?

>       - add appropriate checks in secmodel/.

Originally, sched_setparam was superuser-only call. It looks like Elad has
changed this behaviour in the 1.46 revision of secmodel_bsd44_suser.c .

-- 
Best regards,
Mindaugas
www.NetBSD.org

Prev by Date: Re: kern/37987: sys__sched_getparam doesn't work if LWP with lid=1 exited.
Next by Date: Re: kern/37986: any user can hog the all cpu with _sched_setparam.
Previous by Thread: kern/37986: any user can hog the all cpu with _sched_setparam.
Next by Thread: Re: kern/37986: any user can hog the all cpu with _sched_setparam.
Indexes:

Home | Main Index | Thread Index | Old Index