Wiktor <[EMAIL PROTECTED]> said: > Horst von Brand wrote: > > Even better: Write a C wrapper for each affected program that just renices > > it as needed.
> I suggest to implement scalable solution, so the final user wont't have > to write separate wrapper for *each* program. Final user doesn't. It is a job for whoever writes the program, or packages it for a distro. If even required. > universal wrapper is > better solution, but (now i know, that implementing something that can > be dangerous if used incorrectly is so evil, that only the devil could > have proposed it) it forces use of database (that normally would be kept > in filesystem's file metadata) and if some-malicious-person would have > accessed it in write mode (as result of wrong file permissions), the > system performerance would be in danger. in my solution, there is > per-file attribute, accessible only for root, and if hacker has root > permissions, existence of nice attribute is meaningless. Anything like this that can be accessed by plain users (not root) is inherently dangerous. It is for a reason that only root can increase the priority of a process. If you allow reniceing and place some kind of limit on it, even Aunt Tillie will run her programs with priority maxed out, and we are back were we are today. -- Dr. Horst H. von Brand User #22616 counter.li.org Departamento de Informatica Fono: +56 32 654431 Universidad Tecnica Federico Santa Maria +56 32 654239 Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
