On Thu, Jul 14, 2016 at 9:09 AM, John Stultz <john.stu...@linaro.org> wrote: > On Thu, Jul 14, 2016 at 5:48 AM, Serge E. Hallyn <se...@hallyn.com> wrote: >> Quoting Kees Cook (keesc...@chromium.org): >>> I think the original CAP_SYS_NICE should be fine. A malicious >>> CAP_SYS_NICE process can do plenty of insane things, I don't feel like >>> the timer slack adds to any realistic risks. >> >> Can someone give a detailed explanation of what you could do with >> the new timerslack feature and compare it to what you can do with >> sys_nice? > > Looking at the man page for CAP_SYS_NICE, it looks like such a task > can set a task as SCHED_FIFO, so they could fork some spinning > processes and set them all SCHED_FIFO 99, in effect delaying all other > tasks for an infinite amount of time. > > So one might argue setting large timerslack vlaues isn't that > different risk wise?
Right -- you can hose a system with CAP_SYS_NICE already; I don't think timerslack realistically changes that. -Kees -- Kees Cook Chrome OS & Brillo Security
