Re: [PATCH] move RLIMIT_NPROC check from set_user() to do_execve_common()
From: KOSAKI Motohiro
Date: Wed Jul 13 2011 - 01:37:17 EST
(2011/07/12 22:27), Vasiliy Kulikov wrote:
> The patch http://lkml.org/lkml/2003/7/13/226 introduced a RLIMIT_NPROC
> check in set_user() to check for NPROC exceeding via setuid() and
> similar functions. Before the check there was a possibility to greatly
> exceed the allowed number of processes by an unprivileged user if the
> program relied on rlimit only. But the check created new security
> threat: many poorly written programs simply don't check setuid() return
> code and believe it cannot fail if executed with root privileges. So,
> the check is removed in this patch because of too often privilege
> escalations related to buggy programs.
>
> The NPROC can still be enforced in the common code flow of daemons
> spawning user processes. Most of daemons do fork()+setuid()+execve().
> The check introduced in execve() enforces the same limit as in setuid()
> and doesn't create similar security issues.
>
> Similar check was introduced in -ow patches.
>
> Signed-off-by: Vasiliy Kulikov <segoon@xxxxxxxxxxxx>
BSD folks tell me NetBSD has the exactly same hack (ie check at exec instead
setuid) since 2008. Then, I think this is enough proved safer way.
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/kern/kern_exec.c?rev=1.316&content-type=text/x-cvsweb-markup&only_with_tag=MAIN
Thx.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/