Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20110724180231.GA5134@albatros>
Date: Sun, 24 Jul 2011 22:02:31 +0400
From: Vasiliy Kulikov <segoon@...nwall.com>
To: kernel-hardening@...ts.openwall.com
Subject: Re: [PATCH] move RLIMIT_NPROC check from
 set_user() to do_execve_common()

Solar,

On Sun, Jul 24, 2011 at 18:32 +0400, Solar Designer wrote:
> On Thu, Jul 21, 2011 at 04:48:30PM +0400, Solar Designer wrote:
> > Here's my current proposal:
> > 
> > 1. Apply Vasiliy's patch to move the RLIMIT_NPROC check from setuid() to
> > execve(), optionally enhanced with setting PF_SETUSER_FAILED on
> > would-be-failed setuid() and checking this flag in execve() (in addition
> > to repeating the RLIMIT_NPROC check).
> > 
> > 2. With a separate patch, add a prctl() to read the PF_SETUSER_FAILED flag.
> > Android will be able to use this if it wants to.
> 
> Can you please implement these two patches and post them to LKML?
> (Include the PF_SETUSER_FAILED implementation in the first patch.)

I think (2) is too compicated.  IIRC, application already may read
process flags via procfs.  I'll prepare and test (1).

Thanks,

-- 
Vasiliy

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.