Re: [RFC][PATCH] exec: Use init rlimits for setuid exec

From: Kees Cook
Date: Fri Jul 07 2017 - 14:29:07 EST


On Fri, Jul 7, 2017 at 9:06 AM, Linus Torvalds
<torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
> On Thu, Jul 6, 2017 at 11:10 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>> On Thu, Jul 6, 2017 at 11:02 PM, Linus Torvalds
>> <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
>>> So 2+MB is still definitely something people can do (and probably *do* do).
>>
>> With the default 8MB stack, most people are already limited to 2MB
>> here. I guess the question is, do people raise their stack rlimit to
>> gain more arguments? Should I pick a different value for the args?
>
> So I would not be at all surprised if people just made the stack limit
> higher when they hit the E2BIG issue in some script.
>
> So yes, I'd make the max args cutoff be higher than 2MB.
>
> I'd suggest we make the code do:
>
> (a) keep the existing rlimit/4 check (so *most* people will see the
> exact same behavior)
>
> (b) add a static max arg check for something that is closer to 8MB
> but leaves a somewhat reasonable stack size even if the stack size gets
> reset to 8MB
>
> I'd suggest that (b) case just be 6MB or something. Maybe make it
> (_STK_LIM/4*3) or whatever, in case we ever end up changing that
> value.

Sounds good. I'll send a patch...

-Kees

--
Kees Cook
Pixel Security
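
Added example, not part of the original message and not the kernel patch: a userspace C sketch of the two checks proposed above, (a) rlimit/4 and (b) a static cap of _STK_LIM/4*3, showing what each allows for several stack rlimits and how much stack is left if the rlimit is later reset to 8MB. The function names are hypothetical and STK_LIM is assumed to be the 8MB default mentioned in the thread.

```c
#include <stdio.h>
#include <sys/resource.h>

/* Assumption: 8MB, the default stack limit the thread calls _STK_LIM. */
#define STK_LIM (8UL * 1024 * 1024)

/* (a) existing check: args may use at most a quarter of the stack rlimit. */
static unsigned long limit_rlimit_quarter(unsigned long stack_rlim)
{
    return stack_rlim / 4;
}

/* (a) plus (b): additionally apply a static ceiling of _STK_LIM/4*3 (6MB). */
static unsigned long limit_with_static_cap(unsigned long stack_rlim)
{
    unsigned long cap = STK_LIM / 4 * 3;
    unsigned long quarter = limit_rlimit_quarter(stack_rlim);

    return quarter < cap ? quarter : cap;
}

/* Stack remaining if the rlimit is reset to STK_LIM once args are in place. */
static unsigned long stack_left_after_reset(unsigned long arg_bytes)
{
    return arg_bytes >= STK_LIM ? 0 : STK_LIM - arg_bytes;
}

int main(void)
{
    /* Constructed sample rlimits: default, raised, and unlimited. */
    unsigned long samples[] = { STK_LIM, 64UL << 20,
                                (unsigned long)RLIM_INFINITY };
    struct rlimit rl;

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        unsigned long a = limit_rlimit_quarter(samples[i]);
        unsigned long ab = limit_with_static_cap(samples[i]);

        printf("rlimit %luMB: (a) %luMB, (a)+(b) %luMB, stack left %luMB vs %luMB\n",
               samples[i] >> 20, a >> 20, ab >> 20,
               stack_left_after_reset(a) >> 20,
               stack_left_after_reset(ab) >> 20);
    }
    /* Same calculation for the rlimit this process actually runs under. */
    if (getrlimit(RLIMIT_STACK, &rl) == 0)
        printf("current soft limit allows %lu bytes of args\n",
               limit_with_static_cap((unsigned long)rl.rlim_cur));
    return 0;
}
```

With the default 8MB rlimit both variants give 2MB, so most users see no change; only raised or unlimited stack rlimits hit the 6MB ceiling.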