From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751584AbdF1JkT (ORCPT ); Wed, 28 Jun 2017 05:40:19 -0400 Received: from mx2.suse.de ([195.135.220.15]:36061 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751489AbdF1JkM (ORCPT ); Wed, 28 Jun 2017 05:40:12 -0400 Date: Wed, 28 Jun 2017 11:40:06 +0200 (CEST) From: Jiri Kosina X-X-Sender: jkosina@pobox.suse.cz To: Oleg Nesterov cc: tip-bot for Michal Hocko , linux-tip-commits@vger.kernel.org, torvalds@linux-foundation.org, mingo@kernel.org, hpa@zytor.com, mhocko@suse.com, tglx@linutronix.de, davej@codemonkey.org.uk, peterz@infradead.org, linux-kernel@vger.kernel.org Subject: Re: [tip:x86/mm] x86/mmap, ASLR: Do not treat unlimited-stack tasks as legacy mmap In-Reply-To: <20170627142215.GA5645@redhat.com> Message-ID: References: <20170614082218.12450-1-mhocko@kernel.org> <20170623145441.GB9388@redhat.com> <20170627142215.GA5645@redhat.com> User-Agent: Alpine 2.20 (LSU 67 2015-01-07) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 27 Jun 2017, Oleg Nesterov wrote: > Perhaps it makes sense to reset RLIMITs on suid exec (say, if > bprm->per_clear is not zero) ? Yes, it is not clear how should we define > SANE_RLIMITS_FOR_SUID, and this should probably depend on sysctl, etc. Hmm, this should be an userspace-defined policy. On a 'standard' (PAM-based) system, I think a sane expectation would be to get the same limits as the ones enforced by pam_limits configuration, but syncing those with kernel feels awkward. Thanks, -- Jiri Kosina SUSE Labs