|
Message-ID: <20110711165900.GA14319@openwall.com> Date: Mon, 11 Jul 2011 20:59:00 +0400 From: Solar Designer <solar@...nwall.com> To: kernel-hardening@...ts.openwall.com Subject: Re: RLIMIT_NPROC check in set_user() Vasiliy, On Wed, Jul 06, 2011 at 10:59:32PM +0400, Vasiliy Kulikov wrote: > On Wed, Jul 06, 2011 at 11:01 -0700, Linus Torvalds wrote: > > My reaction is: "let's just remote the crazy check from set_user() > > entirely". > > Honestly, I didn't expect such a positive reaction from you in the first > reply :) After this is taken care of, please also consider other ways set*id() syscalls might fail on errors unrelated to the process possessing appropriate privileges. IIRC, set_user() could also fail when it's not able to allocate an instance of "struct user" - unlikely, but possible. I think the process must be killed on those errors. There's no better action to take on them. Thanks, Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.