Re: [PATCH] move RLIMIT_NPROC check from set_user() to do_execve_common()
From: Willy Tarreau
Date: Fri Jul 15 2011 - 01:38:57 EST
Hi Neil,
On Fri, Jul 15, 2011 at 01:30:13PM +1000, NeilBrown wrote:
(...)
> But what do you think of this. It sure that only the process which ignored
> the return value from setuid is inconvenienced.
(...)
I think this is a smart idea. But will the flag be inherited by children
over a fork() ? If not, we might as well block fork(), because we can
expect a lot of fork+exec situations which are as dangerous as the simple
execve().
Regards,
Willy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/