Re: [RFC][PATCH] exec: Use init rlimits for setuid exec

From: Willy Tarreau
Date: Mon Jul 10 2017 - 12:53:03 EST


On Mon, Jul 10, 2017 at 09:18:09AM -0700, Linus Torvalds wrote:
> On Mon, Jul 10, 2017 at 9:12 AM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> >
> > Sounds good to me, but won't large-memory users in 32-bit get annoyed?
>
> We'll see.
>
> I suspect that all large-memory users have long since upgraded to
> x86-64 (rule of thumb: if you are upgrading kernels today, you
> probably upgraded hardware ten years ago), and that this may be a
> non-issue today.

I tend to agree. We've been using 32-bit machines with "a lot" (=2GB)
of RAM and haproxy using something like 1.3GB in the past, and it
started to become a bit complex due to ASLR puching large holes between
each and every shared object, forcing us to stop setting strict
overcommit limits for example. We've abandonned them after kernel 3.10,
when the new models had been migrated to 64 bits a few years ago already
and I think anyone doing anything serious with memory doesn't use 32-bit
at all.

Well I know of one exception :-) My netbook has 3 GB and is 32-bit,
running on 4.9 :

willy@eeepc:~$ uname -a
Linux eeepc 4.9.36-eeepc #1 SMP Mon Jul 10 07:33:29 CEST 2017 i686 Intel(R) Atom(TM) CPU N2800 @ 1.86GHz GenuineIntel GNU/Linux
willy@eeepc:~$ free
total used free shared buffers cached
Mem: 3097840 649816 2448024 0 52476 507216
-/+ buffers/cache: 90124 3007716
Swap: 1025440 0 1025440

It only runs end-user stuff (firefox) so it cannot be considered anything
serious.

Willy