Re: [PATCH] move RLIMIT_NPROC check from set_user() to do_execve_common()

From: Linus Torvalds
Date: Tue Jul 12 2011 - 17:16:39 EST

Next message: Sonny Rao: "[PATCH] [RFC] perf: robustify proc and debugfs file recording"
Previous message: Julie Sullivan: "Re: PROBLEM: 3.0-rc kernels unbootable since -rc3"
In reply to: Vasiliy Kulikov: "[PATCH] move RLIMIT_NPROC check from set_user() todo_execve_common()"
Next in thread: NeilBrown: "Re: [PATCH] move RLIMIT_NPROC check from set_user() todo_execve_common()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jul 12, 2011 at 6:27 AM, Vasiliy Kulikov <segoon@xxxxxxxxxxxx> wrote:
>
> The NPROC can still be enforced in the common code flow of daemons
> spawning user processes. Most of daemons do fork()+setuid()+execve().
> The check introduced in execve() enforces the same limit as in setuid()
> and doesn't create similar security issues.

Ok, this looks fine by me. I'd like to get some kind of comment from
the selinux etc people (James?) but I'd certainly be willing to take
this.

Failing when executing a suid application rather than when a suid
application releases its heightened credentials seems to be the
fundamentally saner approach. IOW, failing to raise privileges rather
than failing to lower them.

Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Sonny Rao: "[PATCH] [RFC] perf: robustify proc and debugfs file recording"
Previous message: Julie Sullivan: "Re: PROBLEM: 3.0-rc kernels unbootable since -rc3"
In reply to: Vasiliy Kulikov: "[PATCH] move RLIMIT_NPROC check from set_user() todo_execve_common()"
Next in thread: NeilBrown: "Re: [PATCH] move RLIMIT_NPROC check from set_user() todo_execve_common()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]