Hey,
* Bastian Blank <waldi@debian.org> [2010-01-26 14:44]:
> On Tue, Jan 26, 2010 at 11:21:56AM +0100, Josselin Mouette wrote:
> > On Saturday 23 January 2010 at 11:37 +0100, Guido Günther wrote:
> > > Should this really be handled in the screensaver? The user can also kill
> > > other processes during boot like accounting daemons and therefore
> > > compromise security. The only "fix" is to disable this feature.
> > I fully concur. Such a “feature” should be disabled by default, and this
> > has to be done in the kernel packages.
>
> The OOM killer can always be forced with normal processes as long as
> over-commitment is enabled. So it is never safe to add security measures
> within processes that can be killed separately.

Of course but this requires either a bug in another application that can be
used remotely or access to the system e.g. via an own account.

> > I’d appreciate if we could have some input from the kernel maintainers.
>
> Someone with access to the console has several attack vectors
> available.

True, but this one is trivial to exploit and is also fairly easy to prevent so
why stick with it?

Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.