diff options
| author | John Stultz <[email protected]> | 2016-10-07 17:02:26 -0700 |
|---|---|---|
| committer | Linus Torvalds <[email protected]> | 2016-10-07 18:46:30 -0700 |
| commit | 7abbaf94049914f074306d960b0f968ffe52e59f (patch) | |
| tree | 8b0166be20e0400467cd7441783ba7b34b32985b /tools/perf/util/trace-event-scripting.c | |
| parent | e16e2d8e14a14bd87df8482c637dde8f760a8d5f (diff) | |
proc: relax /proc/<tid>/timerslack_ns capability requirements
When an interface to allow a task to change another tasks timerslack was
first proposed, it was suggested that something greater then
CAP_SYS_NICE would be needed, as a task could be delayed further then
what normally could be done with nice adjustments.
So CAP_SYS_PTRACE was adopted instead for what became the
/proc/<tid>/timerslack_ns interface. However, for Android (where this
feature originates), giving the system_server CAP_SYS_PTRACE would allow
it to observe and modify all tasks memory. This is considered too high
a privilege level for only needing to change the timerslack.
After some discussion, it was realized that a CAP_SYS_NICE process can
set a task as SCHED_FIFO, so they could fork some spinning processes and
set them all SCHED_FIFO 99, in effect delaying all other tasks for an
infinite amount of time.
So as a CAP_SYS_NICE task can already cause trouble for other tasks,
using it as a required capability for accessing and modifying
/proc/<tid>/timerslack_ns seems sufficient.
Thus, this patch loosens the capability requirements to CAP_SYS_NICE and
removes CAP_SYS_PTRACE, simplifying some of the code flow as well.
This is technically an ABI change, but as the feature just landed in
4.6, I suspect no one is yet using it.
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: John Stultz <[email protected]>
Reviewed-by: Nick Kralevich <[email protected]>
Acked-by: Serge Hallyn <[email protected]>
Acked-by: Kees Cook <[email protected]>
Cc: Kees Cook <[email protected]>
Cc: "Serge E. Hallyn" <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Cc: Arjan van de Ven <[email protected]>
Cc: Oren Laadan <[email protected]>
Cc: Ruchi Kandoi <[email protected]>
Cc: Rom Lemarchand <[email protected]>
Cc: Todd Kjos <[email protected]>
Cc: Colin Cross <[email protected]>
Cc: Nick Kralevich <[email protected]>
Cc: Dmitry Shmidt <[email protected]>
Cc: Elliott Hughes <[email protected]>
Cc: Android Kernel Team <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Diffstat (limited to 'tools/perf/util/trace-event-scripting.c')
0 files changed, 0 insertions, 0 deletions