Re: setuid and RLIMIT_NPROC and 3.1+

From: Linus Torvalds
Date: Mon May 07 2012 - 11:22:55 EST

Next message: Malcolm Priestley: "[PATCH] re: drivers: Probable misuses of || - it913x.c"
Previous message: Stephane Eranian: "Re: [PATCH 4/7] perf/x86-ibs: Add support for IBS pseudo events"
In reply to: Maciej Åenczykowski: "setuid and RLIMIT_NPROC and 3.1+"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, May 7, 2012 at 3:06 AM, Maciej Åenczykowski
<zenczykowski@xxxxxxxxx> wrote:
>
> Having read the commit in question I get what it is trying to prevent,
> but perhaps the setuid call should still be returning an error code
> [E2BIG? EBUSY? EOVERFLOW? ENAVAIL?] for those programs that do bother
> to check, even though it would 'succeed' in changing uid?
>
> (In my case there is no exec following the setuid...)

But that means that in your case the setuid() did actually succeed.

So you didn't get an error return, and the setuid() actually worked.
Only a later exec() would cause an error, but since you didn't do an
exec(), everything should be perfectly fine.

So returning an error would actually be confusing: it would make the
caller think that the setuid() failed and that you're still running
with the old uid. But it isn't.

So can you explain what the problem is for your workload? As far as I
can tell, it should all work perfectly well.

Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Malcolm Priestley: "[PATCH] re: drivers: Probable misuses of || - it913x.c"
Previous message: Stephane Eranian: "Re: [PATCH 4/7] perf/x86-ibs: Add support for IBS pseudo events"
In reply to: Maciej Åenczykowski: "setuid and RLIMIT_NPROC and 3.1+"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]