|
Message-ID: <4E1D2EF9.3090201@jp.fujitsu.com> Date: Wed, 13 Jul 2011 14:36:57 +0900 From: KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com> To: segoon@...nwall.com CC: torvalds@...ux-foundation.org, linux-kernel@...r.kernel.org, gregkh@...e.de, akpm@...ux-foundation.org, davem@...emloft.net, kernel-hardening@...ts.openwall.com, jslaby@...e.cz, jmorris@...ei.org, neilb@...e.de, viro@...iv.linux.org.uk, linux-fsdevel@...r.kernel.org Subject: Re: [PATCH] move RLIMIT_NPROC check from set_user() to do_execve_common() (2011/07/12 22:27), Vasiliy Kulikov wrote: > The patch http://lkml.org/lkml/2003/7/13/226 introduced a RLIMIT_NPROC > check in set_user() to check for NPROC exceeding via setuid() and > similar functions. Before the check there was a possibility to greatly > exceed the allowed number of processes by an unprivileged user if the > program relied on rlimit only. But the check created new security > threat: many poorly written programs simply don't check setuid() return > code and believe it cannot fail if executed with root privileges. So, > the check is removed in this patch because of too often privilege > escalations related to buggy programs. > > The NPROC can still be enforced in the common code flow of daemons > spawning user processes. Most of daemons do fork()+setuid()+execve(). > The check introduced in execve() enforces the same limit as in setuid() > and doesn't create similar security issues. > > Similar check was introduced in -ow patches. > > Signed-off-by: Vasiliy Kulikov <segoon@...nwall.com> BSD folks tell me NetBSD has the exactly same hack (ie check at exec instead setuid) since 2008. Then, I think this is enough proved safer way. http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/kern/kern_exec.c?rev=1.316&content-type=text/x-cvsweb-markup&only_with_tag=MAIN Thx.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.