Re: [PATCH] move RLIMIT_NPROC check from set_user() to do_execve_common()

From: Willy Tarreau
Date: Fri Jul 15 2011 - 01:38:57 EST


Hi Neil,

On Fri, Jul 15, 2011 at 01:30:13PM +1000, NeilBrown wrote:
(...)
> But what do you think of this. It sure that only the process which ignored
> the return value from setuid is inconvenienced.
(...)

I think this is a smart idea. But will the flag be inherited by children
over a fork()? If not, we might as well block fork(), because we can
expect a lot of fork+exec situations which are as dangerous as the simple
execve().

Regards,
Willy
