Re: [PATCH] mm: larger stack guard gap, between vmas
From: Willy Tarreau
Date: Thu Jul 06 2017 - 01:24:18 EST
On Wed, Jul 05, 2017 at 05:19:47PM -0700, Andy Lutomirski wrote:
> I think it's ridiculous that you can change rlimits and then
> exec a setuid thing. It's not so easy to fix, though. Maybe track,
> per-task, inherited by clone and exec, what the rlimits were the last
> time the process had privilege and reset to those limits when running
> something setuid. But a better approach might be to have some sysctls
> that say what the rlimits become when doing setuid.
*Some* rlimits are useful and needed for the user as you mentionned.
RLIMIT_CORE definitely is one of them, especially for debugging, when
combined with suid_dumpable. Some others like RLIMIT_STACK should
probably never be configurable at all and cause trouble. Probably
that simply having a sysctl to set this one for setuid programs and
ignore the current limit would be enough. We could even imagine another
one to set the stack guard gap for setuid programs (this would also
limit the impacts of having a large gap for everyone).
> We need per-user-ns sysctls for stuff like this, and we don't really
> have them...
I don't think we need to be this fine-grained. min_mmap_addr is global,
is used to address very similar issues and nobody seems to complain.