Re: kern/37986: any user can hog the all cpu with _sched_setparam.

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,yamt%mwd.biglobe.ne.jp@localhost
Subject: Re: kern/37986: any user can hog the all cpu with _sched_setparam.
From: "Mindaugas R." <rmind%NetBSD.org@localhost>
Date: Sun, 10 Feb 2008 13:40:03 +0000 (UTC)

The following reply was made to PR kern/37986; it has been noted by GNATS.

From: "Mindaugas R." <rmind%NetBSD.org@localhost>
To: Elad Efrat <elad%NetBSD.org@localhost>
Cc: yamt%mwd.biglobe.ne.jp@localhost, gnats-bugs%NetBSD.org@localhost, 
netbsd-bugs%netbsd.org@localhost
Subject: Re: kern/37986: any user can hog the all cpu with _sched_setparam.
Date: Sun, 10 Feb 2008 13:36:39 +0000

 Elad Efrat <elad%NetBSD.org@localhost> wrote:
 > Mindaugas R. wrote:
 > >>> Environment:
 > >>> Description:
 > >>   any user can hog the all cpu with _sched_setparam.
 > >>> How-To-Repeat:
 > >>   
 > >>> Fix:
 > >>   - pass neccessary info to kauth_authorize_foo.
 > > 
 > > What is not passed?
 > > 
 > >>   - add appropriate checks in secmodel/.
 > > 
 > > Originally, sched_setparam was superuser-only call. It looks like Elad has
 > > changed this behaviour in the 1.46 revision of secmodel_bsd44_suser.c .
 > > 
 > 
 > Look at the compat code.

 If compat code is wrong, we should not make native calls wrong too.

 > I'm working on this.

 Thanks.

 -- 
 Best regards,
 Mindaugas
 www.NetBSD.org

Prev by Date: Re: kern/37986: any user can hog the all cpu with _sched_setparam.
Next by Date: Re: kern/37986: any user can hog the all cpu with _sched_setparam.
Previous by Thread: Re: kern/37986: any user can hog the all cpu with _sched_setparam.
Next by Thread: Re: kern/37986: any user can hog the all cpu with _sched_setparam.
Indexes:

Home | Main Index | Thread Index | Old Index