Re: [PATCH] mm: larger stack guard gap, between vmas
From: Linus Torvalds
Date: Wed Jul 05 2017 - 19:55:26 EST
On Wed, Jul 5, 2017 at 4:50 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> As part of that should we put restrictions on the environment of
> set*id exec too?
I'm not seeing what sane limits you could use.
I think the concept of "reset as much of the environment to sane
things when running suid binaries" is a good concept.
But we simply don't have any sane values to reset things to.