Re: Bug#564079: Is this really a screensaver issue?
- To: 564079@bugs.debian.org
- Cc: Guido Günther <agx@sigxcpu.org>, Lars Olav Dybsjord <larsod@ping.uio.no>, Holger Levsen <holger@layer-acht.org>, Nico Golde <nion@debian.org>, debian-kernel@lists.debian.org
- Subject: Re: Bug#564079: Is this really a screensaver issue?
- From: Bastian Blank <waldi@debian.org>
- Date: Tue, 26 Jan 2010 12:00:12 +0100
- Message-id: <20100126110012.GA5525@wavehammer.waldi.eu.org>
- Mail-followup-to: 564079@bugs.debian.org, Guido Günther <agx@sigxcpu.org>, Lars Olav Dybsjord <larsod@ping.uio.no>, Holger Levsen <holger@layer-acht.org>, Nico Golde <nion@debian.org>, debian-kernel@lists.debian.org
- In-reply-to: <1264501316.9348.12.camel@meh>
- References: <20100123103716.GA14905@bogon.sigxcpu.org> <1264501316.9348.12.camel@meh>
On Tue, Jan 26, 2010 at 11:21:56AM +0100, Josselin Mouette wrote:
> On Saturday 23 January 2010 at 11:37 +0100, Guido Günther wrote:
> > Should this really be handled in the screensaver? The user can also kill
> > other processes during boot like accounting daemons and therefore
> > compromise security. The only "fix" is to disable this feature.
> I fully concur. Such a “feature” should be disabled by default, and this
> has to be done in the kernel packages.
The OOM killer can always be forced with normal processes as long as
over-commitment is enabled. So it is never safe to add security measures
within processes that can be killed separately.
> I’d appreciate if we could have some input from the kernel maintainers.
Someone with access to the console has several attack vectors
available.
Bastian
--
Earth -- mother of the most beautiful women in the universe.
-- Apollo, "Who Mourns for Adonais?" stardate 3468.1