Re: [kernel-hardening] [PATCH] move RLIMIT_NPROC check from set_user() to do_execve_common()
From: Solar Designer
Date: Mon Jul 25 2011 - 19:40:33 EST
Vasiliy,
On Mon, Jul 25, 2011 at 09:14:23PM +0400, Vasiliy Kulikov wrote:
> @@ -1433,6 +1433,19 @@ static int do_execve_common(const char *filename,
> struct files_struct *displaced;
> bool clear_in_exec;
> int retval;
> + const struct cred *cred = current_cred();
> +
> + /*
> + * We move the actual failure in case of RLIMIT_NPROC excess from
> + * set*uid() to execve() because too many poorly written programs
> + * don't check setuid() return code. Here we additionally recheck
> + * whether NPROC limit is still exceeded.
> + */
> + if ((current->flags & PF_NPROC_EXCEEDED) &&
> + atomic_read(&cred->user->processes) > rlimit(RLIMIT_NPROC)) {
> + retval = -EAGAIN;
> + goto out_ret;
> + }
Do you possibly need:
current->flags &= ~PF_NPROC_EXCEEDED;
somewhere after this point?
I think it's weird to have past set_user() failure affect other than the
very next execve().
Perhaps also reset the flag on fork() because we have an RLIMIT_NPROC
check on fork() anyway.
Thanks,
Alexander
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/