> On Sat, Jan 08, 2000 at 09:56:36PM +0000, Alan Cox wrote:
> > Just cover the 1Gb poll array DoS case and it should be fine
>
> We already do
>
> err = -EINVAL;
> if (nfds > current->files->max_fds)
> goto out;
>
> ie you can't poll for more file descriptors than the process has.
> Which is in turn ulimited. What else can we reasonably check?
This is a mistake, IMO. It's actually quite common to poll on more file
descriptors than the process has, and working around this requires some
Linux-specific hacking for some applications. I do agree, however, that you
shouldn't be able to poll on more file descriptors than your process _could_
have -- that is, your ulimit.
It's quite common for an application that is configured to use up to 2,048
file descriptors to create an array of 2,048 poll structures and set all the
fd values to -1. It then polls on this whole set, changing each fd value to
the correct number when it uses it.
This works fine on FreeBSD, Solaris, and many other OSes, but breaks on
Linux.
DS
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Jan 15 2000 - 21:00:13 EST