Re: "core dump helper" runs always as root

From: Reto Buerki
Date: Fri Jul 18 2008 - 07:23:18 EST

Next message: Andi Kleen: "Re: [PATCH 00/23] tracehook"
Previous message: Octavian Purdila: "Re: [PATCH] tcp: do not promote SPLICE_F_NONBLOCK to socket O_NONBLOCK"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> If we run the usermode helper with the privileges of the dying process, what do
> we do about rlimit enforcement? They don't have a PAM environment, so either
> they get the default rlimits, or we have to make them inherit their limits from
> the dying process. This is very problematic if the process died due to
> exceeding an rlimit.

I'm not sure if I understand your objection correctly, but I thought
RLIMIT_CORE is ignored when using piped syntax with core_pattern.

At least this is how I interpret the code and the corresponding comment
in do_coredump() (fs/exec.c). The comment explicitly states that there's
no need to check RLIMIT_CORE value because file size limits and
permissions apply as they do with any other process.

There are also no further rlimit checks in usermode helper functions, at
least I could not find any ...

- reto

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andi Kleen: "Re: [PATCH 00/23] tracehook"
Previous message: Octavian Purdila: "Re: [PATCH] tcp: do not promote SPLICE_F_NONBLOCK to socket O_NONBLOCK"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]