From: Willy Tarreau
Date: Fri, 15 Jul 2011 07:35:05 +0200
To: NeilBrown
Cc: Solar Designer, James Morris, Linus Torvalds, Vasiliy Kulikov, linux-kernel@vger.kernel.org, Greg Kroah-Hartman, Andrew Morton, "David S. Miller", kernel-hardening@lists.openwall.com, Jiri Slaby, Alexander Viro, linux-fsdevel@vger.kernel.org, KOSAKI Motohiro, Eric Paris, Stephen Smalley, Sebastian Krahmer
Subject: Re: [PATCH] move RLIMIT_NPROC check from set_user() to do_execve_common()
Message-ID: <20110715053505.GA24870@1wt.eu>
In-Reply-To: <20110715133013.4fa38d19@notabene.brown>

Hi Neil,

On Fri, Jul 15, 2011 at 01:30:13PM +1000, NeilBrown wrote:
(...)
> But what do you think of this. It sure that only the process which ignored
> the return value from setuid is inconvenienced.
(...)

I think this is a smart idea. But will the flag be inherited by children over a fork()? If not, we might as well block fork(), because we can expect a lot of fork+exec situations which are as dangerous as the simple execve().

Regards,
Willy
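The user-space side of the fork+exec case raised in this message, as an added example that is not part of the original mail or of the kernel patch: a wrapper that treats a failed setuid() as fatal, so the child never reaches exec with the IDs it meant to give up. The helper names `drop_privileges` and `run_as` are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: drop to uid/gid and prove the drop took effect.
 * Returns 0 on success, -1 on any failure, which includes setuid()
 * refusing the change because of a resource limit such as RLIMIT_NPROC.
 * Supplementary groups (setgroups()) are not handled here. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Group first: after setuid() we may no longer be allowed to change it. */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Verify rather than trust: real and effective IDs must both match. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

/* Hypothetical fork+exec wrapper: the child only calls execvp() after a
 * verified drop. Returns the child's exit status, or -1 on error. */
int run_as(uid_t uid, gid_t gid, char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges(uid, gid) != 0) {
            fprintf(stderr, "privilege drop failed, not executing %s\n", argv[0]);
            _exit(126);            /* fail closed instead of exec'ing */
        }
        execvp(argv[0], argv);
        _exit(127);                /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample: "drop" to our own IDs so this runs unprivileged. */
    char *const argv[] = { "/bin/sh", "-c", "exit 0", NULL };
    return run_as(getuid(), getgid(), argv);
}
```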