Bug#564079: Is this really a screensaver issue?

[Bastian Blank]

On Tue, Jan 26, 2010 at 11:21:56AM +0100, Josselin Mouette wrote:
> Le samedi 23 janvier 2010 à 11:37 +0100, Guido Günther a écrit :
> > Should this really be handled in the screensaver? The user can also kill
> > other processes during boot like accounting daemons and therefore
> > compromise security. The only "fix" is to disable this feature.
> I fully concur. Such a “feature” should be disabled by default, and this
> has to be done in the kernel packages.

The OOM killer can always be forced with normal processes as long as
over-commitment is enabled. So it is never save to add security measures
within processes that can be killed seperately.

> I’d appreciate if we could have some input from the kernel maintainers.

Someone with access to the console have several attack vectors
available.

Bastian

-- 
Earth -- mother of the most beautiful women in the universe.
		-- Apollo, "Who Mourns for Adonais?" stardate 3468.1