Re: setuid and RLIMIT_NPROC and 3.1+

From: Linus Torvalds
Date: Wed May 09 2012 - 15:04:13 EST

On Mon, May 7, 2012 at 1:13 PM, Maciej Åenczykowski
<zenczykowski@xxxxxxxxx> wrote:
> The application was relying on setuid failing in order to do resource limiting
> (the man page for setresuid documents EAGAIN as the error you'll get if you
> can't switch to the new uid because of RLIMIT_NPROC being exceeded).
> It would detect the error condition and slow down.
> Now it doesn't get an error back and can grow out of control.

Ok. Maybe we could change the logic in set_user() to simply just check
both the soft and the hard limit.

At the hard limit, we just fail it. At the soft limit, we mark the
next execve() for failure.

That would seem to be a very natural model, and it would mean that you
could get the old behavior by simply making the hard limit the same as
the soft limit.

Would that work ok for your use case?

Trivial (but TOTALLY UNTESTED - so maybe it doesn't work) patch attached.


Attachment: patch.diff
Description: Binary data