Re: [PATCH 3/8] ucounts: Fix and simplify RLIMIT_NPROC handling during setuid()+execve

From: Michal Koutný
Date: Tue Feb 15 2022 - 05:25:23 EST


On Mon, Feb 14, 2022 at 09:10:49AM -0600, "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> wrote:
> I really like how cleanly this patch seems to be. Unfortunately it is
> wrong.

It seems [1] so:

setuid() // RLIMIT_NPROC is fine at this moment
... fork()
...
... fork()
execve() // eh, oh

This "punishes" the exec'ing task although the cause is elsewhere.

Michal

[1] The decoupled setuid()+execve() check can be interpreted both ways.
I understood historically the excess at the setuid() moment is relevant.