real SetProcessClass and SetThreadPriority support
Mike Hearn
mh at codeweavers.com
Sat Apr 9 07:07:49 CDT 2005
On Fri, 08 Apr 2005 13:29:56 -0500, Robert Shearman wrote:
> > wineserver would need to be a setuid program but it could set
> > CAP_SYS_NICE at startup and immediately reduce it's privileges back to
> > normal.
>
> There are a number of problems:
> 1. I don't think that will work yet as the server process needs to have
> the same user ID as the client processes.
You can distinguish between the "user id" and "effective user id" in
POSIX. I don't remember the details but a suid binary can almost be two
users at once.
> 2. setuid binaries make
> sysadmins nervous and would require a security audit by us. Yes, they
> don't need to make it setuid, but then the people who do could run their
> programs as root anyway.
Presumably only the code up until the point at which we drop privs needs
to be audited though. Suid root binaries that drop privs are pretty common.
> 3. setuid programs are a nasty hack that work
> around limitation in the granularity of security in the kernel.
We could use SELinux to achieve the same effect, but it's less widely
deployed and understood.
> 4. This
> approach won't generalize for other apps on the system that might want
> to control the relative priority of their threads, such as MPlayer.
*shrug* That's what SELinux is for. Why do we care about MPlayer in this
specific instance?
thanks -mike
More information about the wine-devel
mailing list