Re: [PATCH v4 1/2] coredump: Fixes core_pipe_limit sysctl proc_handler

From: Nicolas Bouchinet
Date: Fri Jan 17 2025 - 05:55:19 EST


On 1/16/25 1:32 AM, Kees Cook wrote:
> On Wed, Jan 15, 2025 at 02:22:08PM +0100, nicolas.bouchinet@xxxxxxxxxxx wrote:
> > Any negative write or >= to INT_MAX in core_pipe_limit sysctl would
> > hypothetically allow a user to create very high load on the system by
> > running processes that produce a coredump in case the core_pattern
> > sysctl is configured to pipe core files to user space helper.
> > Memory or PID exhaustion should happen before, but it breaks the
> > core_pipe_limit semantics anyway.
> Isn't this true for "0" too (the default)? I'm not opposed to the change
> since it makes things more clear, but I don't think the >=INT_MAX
> problem is anything more than "functionally identical to 0". :)
Uhm, I think you're right, it seems to be functionally identical.
The 0 code path slightly differs from > 0 though, since it won't trigger
wait_for_dump_helpers().

Thanks for your review,

Nicolas

Reviewed-by: Kees Cook <kees@xxxxxxxxxx>