Re: [PATCH] mm: larger stack guard gap, between vmas

From: Linus Torvalds
Date: Wed Jul 05 2017 - 19:55:26 EST

On Wed, Jul 5, 2017 at 4:50 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> As part of that should we put restrictions on the environment of
> set*id exec too?

I'm not seeing what sane limits you could use.

I think the concept of "reset as much of the environment to sane
things when running suid binaries" is a good concepr.

But we simply don't have any sane values to reset things to.