Re: kern/37986: any user can hog the all cpu with _sched_setparam.

[Elad Efrat <elad%NetBSD.org@localhost>]

The following reply was made to PR kern/37986; it has been noted by GNATS.

From: Elad Efrat <elad%NetBSD.org@localhost>
To: "Mindaugas R." <rmind%NetBSD.org@localhost>
Cc: yamt%mwd.biglobe.ne.jp@localhost, gnats-bugs%NetBSD.org@localhost
Subject: Re: kern/37986: any user can hog the all cpu with _sched_setparam.
Date: Sun, 10 Feb 2008 15:58:47 +0200

 Mindaugas R. wrote:
 > Elad Efrat <elad%NetBSD.org@localhost> wrote:
 >> Mindaugas R. wrote:
 >>>>> Environment:
 >>>>> Description:
 >>>>   any user can hog the all cpu with _sched_setparam.
 >>>>> How-To-Repeat:
 >>>>   
 >>>>> Fix:
 >>>>   - pass neccessary info to kauth_authorize_foo.
 >>> What is not passed?
 >>>
 >>>>   - add appropriate checks in secmodel/.
 >>> Originally, sched_setparam was superuser-only call. It looks like Elad has
 >>> changed this behaviour in the 1.46 revision of secmodel_bsd44_suser.c .
 >>>
 >> Look at the compat code.
 > 
 > If compat code is wrong, we should not make native calls wrong too.
 > 
 >> I'm working on this.
 > 
 > Thanks.
 > 
 
 I'm not sure the compat code is wrong. It seems the policy present
 there, of checking root and uid matching, is closer to what other OSs
 seem to do in this regard (I only briefly looked at FreeBSD, Linux,
 Solaris, and HP-UX).
 
 Like I mentioned in a previous discussion, I think the new code in
 sys_sched.c needs to be refactored so it can be used from the compat
 code, and the compat code needs to grow (static) "normalization"
 routines to convert OS-specific parameters to native ones.
 
 Does this sound okay?
 
 -e.