|| ||Linus Torvalds <torvalds-AT-linux-foundation.org> |
|| ||Vasiliy Kulikov <segoon-AT-openwall.com> |
|| ||Re: RLIMIT_NPROC check in set_user() |
|| ||Wed, 6 Jul 2011 11:01:47 -0700|
|| ||linux-kernel-AT-vger.kernel.org, Greg Kroah-Hartman <gregkh-AT-suse.de>,
Andrew Morton <akpm-AT-linux-foundation.org>,
"David S. Miller" <davem-AT-davemloft.net>,
Jiri Slaby <jslaby-AT-suse.cz>, James Morris <jmorris-AT-namei.org>,
Neil Brown <neilb-AT-suse.de>, kernel-hardening-AT-lists.openwall.com|
|| ||Article, Thread
On Wed, Jul 6, 2011 at 10:36 AM, Vasiliy Kulikov <email@example.com> wrote:
> On Sun, Jun 12, 2011 at 17:09 +0400, Vasiliy Kulikov wrote:
>> I'd be happy to hear opinions about improving the fixes above or
>> alternative fixes.
> No comments? Even "Sigh, what a nasty problem. But we cannot really
> fix it without significantly breaking the stuff. Go and drink something." ?
Thanks for reminding me.
My reaction is: "let's just remote the crazy check from set_user()
entirely". If somebody has credentials to change users, they damn well
have credentials to override the RLIMIT_NPROC too, and as you say,
failure is likely a bigger security threat than success.
The whole point of RLIMIT_NPROC is to avoid fork-bombs. If we go over
the limit for some other reason that is controlled by the super-user,
So let's keep it in kernel/fork.c where we actually create a *new*
process (and where everybody knows exactly what the limit means, and
people who don't check for error cases are just broken). And remove it
from everywhere else.
to post comments)