From: Linus Torvalds <torvalds@linux-foundation.org>
To: Vasiliy Kulikov <segoon@openwall.com>
Cc: linux-kernel@vger.kernel.org, Greg Kroah-Hartman <gregkh@suse.de>,
Andrew Morton <akpm@linux-foundation.org>,
"David S. Miller" <davem@davemloft.net>,
Jiri Slaby <jslaby@suse.cz>, James Morris <jmorris@namei.org>,
Neil Brown <neilb@suse.de>,
kernel-hardening@lists.openwall.com
Subject: Re: RLIMIT_NPROC check in set_user()
Date: Wed, 6 Jul 2011 11:01:47 -0700 [thread overview]
Message-ID: <CA+55aFyfjG1h2zkkGai_VPM8p5bhWhvNXs1HvuWMgxv4RSywYw@mail.gmail.com> (raw)
In-Reply-To: <20110706173631.GA5431@albatros>
On Wed, Jul 6, 2011 at 10:36 AM, Vasiliy Kulikov <segoon@openwall.com> wrote:
> On Sun, Jun 12, 2011 at 17:09 +0400, Vasiliy Kulikov wrote:
>> I'd be happy to hear opinions about improving the fixes above or
>> alternative fixes.
>
> No comments? Even "Sigh, what a nasty problem. But we cannot really
> fix it without significantly breaking the stuff. Go and drink something." ?
Thanks for reminding me.
My reaction is: "let's just remote the crazy check from set_user()
entirely". If somebody has credentials to change users, they damn well
have credentials to override the RLIMIT_NPROC too, and as you say,
failure is likely a bigger security threat than success.
The whole point of RLIMIT_NPROC is to avoid fork-bombs. If we go over
the limit for some other reason that is controlled by the super-user,
who cares?
So let's keep it in kernel/fork.c where we actually create a *new*
process (and where everybody knows exactly what the limit means, and
people who don't check for error cases are just broken). And remove it
from everywhere else.
Hmm?
Linus
next prev parent reply other threads:[~2011-07-06 18:08 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-12 13:09 RLIMIT_NPROC check in set_user() Vasiliy Kulikov
2011-07-06 17:36 ` Vasiliy Kulikov
2011-07-06 18:01 ` Linus Torvalds [this message]
2011-07-06 18:59 ` [kernel-hardening] " Vasiliy Kulikov
2011-07-07 7:56 ` Vasiliy Kulikov
2011-07-07 8:19 ` Vasiliy Kulikov
2011-07-12 13:27 ` [PATCH] move RLIMIT_NPROC check from set_user() to do_execve_common() Vasiliy Kulikov
2011-07-12 21:16 ` Linus Torvalds
2011-07-12 23:14 ` NeilBrown
2011-07-13 6:31 ` Solar Designer
2011-07-13 7:06 ` NeilBrown
2011-07-13 20:46 ` Linus Torvalds
2011-07-14 0:11 ` James Morris
2011-07-14 1:27 ` NeilBrown
2011-07-14 15:06 ` Solar Designer
2011-07-15 3:30 ` NeilBrown
2011-07-15 5:35 ` Willy Tarreau
2011-07-15 6:31 ` [kernel-hardening] " Vasiliy Kulikov
2011-07-15 7:06 ` NeilBrown
2011-07-15 7:38 ` Vasiliy Kulikov
2011-07-15 13:04 ` Solar Designer
2011-07-15 13:58 ` [kernel-hardening] " Stephen Smalley
2011-07-15 15:26 ` Vasiliy Kulikov
2011-07-15 19:54 ` Stephen Smalley
2011-07-21 4:09 ` NeilBrown
2011-07-21 12:48 ` Solar Designer
2011-07-21 18:21 ` Linus Torvalds
2011-07-21 19:39 ` [kernel-hardening] " Solar Designer
2011-07-25 17:14 ` Vasiliy Kulikov
2011-07-25 23:40 ` [kernel-hardening] " Solar Designer
2011-07-26 0:47 ` NeilBrown
2011-07-26 1:16 ` Solar Designer
2011-07-26 4:11 ` NeilBrown
2011-07-26 14:48 ` [patch v2] " Vasiliy Kulikov
2011-07-27 2:15 ` NeilBrown
2011-07-29 7:07 ` [kernel-hardening] " Vasiliy Kulikov
2011-07-29 8:06 ` Vasiliy Kulikov
2011-07-29 8:11 ` [patch v3] " Vasiliy Kulikov
2011-07-29 8:17 ` James Morris
2011-07-14 1:30 ` [PATCH] " KOSAKI Motohiro
2011-07-13 5:36 ` KOSAKI Motohiro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CA+55aFyfjG1h2zkkGai_VPM8p5bhWhvNXs1HvuWMgxv4RSywYw@mail.gmail.com \
--to=torvalds@linux-foundation.org \
--cc=akpm@linux-foundation.org \
--cc=davem@davemloft.net \
--cc=gregkh@suse.de \
--cc=jmorris@namei.org \
--cc=jslaby@suse.cz \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=neilb@suse.de \
--cc=segoon@openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).