New SetThreadPriority patch

Mike Hearn mike at plan99.net
Sat Apr 15 13:48:56 CDT 2006


This one uses POSIX capabilities to drop all root privs except for
CAP_SYS_NICE; therefore, this is reasonably secure.

There is one catch. For some reason a suid root app cannot read
/proc/self/exe so relocatability isn't used, and anyway it'd be
insecure even if it could as you could hard link wineserver then trick
it into loading a malicious library relative to $ORIGIN.

I think I will investigate this a bit more, but perhaps later. For now
this is fine for RPMs and packages etc, which install to /usr, as they
can simply "chmod +s wineserver" and have apps with solid audio.

thanks -mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: scheduler2.patch
Type: text/x-patch
Size: 4984 bytes
Desc: not available
Url : http://www.winehq.org/pipermail/wine-devel/attachments/20060415/552c26c1/scheduler2.patch
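
An added example, not the code from the attached scheduler2.patch (which is not reproduced on this page): one way a setuid-root Linux program can give up root while keeping only CAP_SYS_NICE, as the message describes. It assumes the version 3 capability ABI and the raw capset/capget syscalls; the helper names `only_cap`, `keep_only_sys_nice` and `effective_caps` are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Build a capability set holding only `cap` (permitted + effective). */
static void only_cap(struct __user_cap_data_struct d[2], int cap)
{
    memset(d, 0, 2 * sizeof d[0]);   /* inheritable stays empty */
    d[CAP_TO_INDEX(cap)].permitted = CAP_TO_MASK(cap);
    d[CAP_TO_INDEX(cap)].effective = CAP_TO_MASK(cap);
}

/* Hypothetical helper for the start of a setuid-root program's main().
   Returns 0 on success, -1 with errno set. */
int keep_only_sys_nice(void)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];
    uid_t ruid = getuid();
    /* Keep the permitted set across the uid change below. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) return -1;
    /* With euid 0 these set real, effective and saved ids; group first. */
    if (setgid(getgid()) < 0 || setuid(ruid) < 0) return -1;
    /* Shrink to CAP_SYS_NICE alone; EPERM if it was never permitted. */
    only_cap(d, CAP_SYS_NICE);
    if (syscall(SYS_capset, &h, d) < 0) return -1;
    /* Regaining root must now fail. */
    if (ruid != 0 && setuid(0) == 0) { errno = EPERM; return -1; }
    return 0;
}

/* Read back the low 32 effective capability bits to verify the drop. */
int effective_caps(unsigned *lo)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];
    if (syscall(SYS_capget, &h, d) < 0) return -1;
    *lo = d[0].effective;
    return 0;
}

int main(void)
{
    if (keep_only_sys_nice() < 0) { perror("keep_only_sys_nice"); return 1; }
    return 0;
}
```

Run without the setuid bit, `keep_only_sys_nice()` fails with EPERM at the capset step, because an unprivileged process has no CAP_SYS_NICE in its permitted set to keep.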

