real SetProcessClass and SetThreadPriority support
Robert Shearman
rob at codeweavers.com
Sun Apr 10 19:42:25 CDT 2005
Mike Hearn wrote:
>On Fri, 08 Apr 2005 13:29:56 -0500, Robert Shearman wrote:
>
>
>>2. setuid binaries make
>>sysadmins nervous and would require a security audit by us. Yes, they
>>don't need to make it setuid, but then the people who do could run their
>>programs as root anyway.
>>
>>
>
>Presumably only the code up until the point at which we drop privs needs
>to be audited though. Suid root binaries that drop privs are pretty common.
>
>
You're forgetting the reason why we need the suid root binary - because
allowing processes to set their priority as realtime (or otherwise very
high) leaves the system open to a trvial DoS attack. Not only do the
startup code paths need to be audited, but also the priority setting
logic too.
Rob
More information about the wine-devel
mailing list