From: John Stultz
Date: Thu, 14 Jul 2016 09:09:33 -0700
Subject: Re: [PATCH 2/2] proc: Add /proc//timerslack_ns interface
To: "Serge E. Hallyn"
Cc: Kees Cook, Andrew Morton, Thomas Gleixner, Arjan van de Ven, lkml, Oren Laadan, Ruchi Kandoi, Rom Lemarchand, Android Kernel Team, Todd Kjos, Colin Cross, Nick Kralevich, Dmitry Shmidt, Elliott Hughes

On Thu, Jul 14, 2016 at 5:48 AM, Serge E. Hallyn wrote:
> Quoting Kees Cook (keescook@chromium.org):
>> I think the original CAP_SYS_NICE should be fine. A malicious
>> CAP_SYS_NICE process can do plenty of insane things, I don't feel like
>> the timer slack adds to any realistic risks.
>
> Can someone give a detailed explanation of what you could do with
> the new timerslack feature and compare it to what you can do with
> sys_nice?

Looking at the man page for CAP_SYS_NICE, it looks like such a task
can set a task as SCHED_FIFO, so they could fork some spinning
processes and set them all SCHED_FIFO 99, in effect delaying all other
tasks for an infinite amount of time.

So one might argue setting large timerslack values isn't that
different risk-wise?

thanks
-john
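
A defender's view of the comparison made in this thread, as an added example that is not part of the original mail or the patch: it lists tasks that hold CAP_SYS_NICE, run under a realtime policy, or carry a large timer slack. The 1 ms threshold and the function names are assumptions; `/proc/<pid>/timerslack_ns` is missing on kernels without this interface and may be unreadable without sufficient privilege, which the scan treats as "unknown".

```python
import os

CAP_SYS_NICE = 23            # bit number from <linux/capability.h>
RT_POLICIES = {1: "SCHED_FIFO", 2: "SCHED_RR"}
SLACK_LIMIT_NS = 1_000_000   # assumption: review anything above 1 ms of slack

def has_cap_sys_nice(status_text):
    """True if CapEff in /proc/<pid>/status has the CAP_SYS_NICE bit set."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return bool((int(line.split()[1], 16) >> CAP_SYS_NICE) & 1)
    return False

def sched_info(stat_line):
    """Return (rt_priority, policy) from one /proc/<pid>/stat line."""
    # comm may contain spaces or ')', so split after the last ')'.
    rest = stat_line.rsplit(")", 1)[1].split()
    return int(rest[37]), int(rest[38])   # fields 40 and 41 in proc(5)

def review(pid, status_text, stat_line, slack_ns):
    """Return the reasons this task deserves a look (empty list if none)."""
    reasons = []
    if has_cap_sys_nice(status_text):
        reasons.append("CAP_SYS_NICE")
    prio, policy = sched_info(stat_line)
    if policy in RT_POLICIES:
        reasons.append(f"{RT_POLICIES[policy]} prio {prio}")
    if slack_ns is not None and slack_ns > SLACK_LIMIT_NS:
        reasons.append(f"timerslack {slack_ns} ns")
    return reasons

def _read(path):
    with open(path) as f:
        return f.read()

def scan_proc():
    """Yield (pid, reasons) for every live task that review() flags."""
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            status, stat = _read(f"/proc/{pid}/status"), _read(f"/proc/{pid}/stat")
        except OSError:
            continue                      # task exited while we were scanning
        try:
            slack = int(_read(f"/proc/{pid}/timerslack_ns"))
        except (OSError, ValueError):
            slack = None                  # file absent or not readable by us
        reasons = review(pid, status, stat, slack)
        if reasons:
            yield pid, reasons

if __name__ == "__main__":
    for pid, reasons in scan_proc():
        print(pid, ", ".join(reasons))
```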