Re: [patch v2] move RLIMIT_NPROC check from set_user() todo_execve_common()

From: Vasiliy Kulikov
Date: Fri Jul 29 2011 - 04:06:45 EST

Next message: Vasiliy Kulikov: "[patch v3] move RLIMIT_NPROC check from set_user() todo_execve_common()"
Previous message: Liu Yuan: "Re: [RFC PATCH]vhost-blk: In-kernel accelerator for virtio blockdevice"
In reply to: Vasiliy Kulikov: "Re: [kernel-hardening] Re: [patch v2] move RLIMIT_NPROC check fromset_user() to do_execve_common()"
Next in thread: Vasiliy Kulikov: "[patch v3] move RLIMIT_NPROC check from set_user() todo_execve_common()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jul 26, 2011 at 18:48 +0400, Vasiliy Kulikov wrote:
> if (atomic_read(&new_user->processes) >= rlimit(RLIMIT_NPROC) &&
> - new_user != INIT_USER) {
> - free_uid(new_user);
> - return -EAGAIN;
> - }
> + new_user != INIT_USER)
> + current->flags |= PF_NPROC_EXCEEDED;

It doesn't respect the chain: setresuid() with exceeded rlimit to user A,
setresuid() with normal limit to user B. While being user B, the PF is
kept, which is wrong as it is not B's exceeded limit. So, it must be
cleared on successful set_user() calls. I'll send a patch.

--
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Vasiliy Kulikov: "[patch v3] move RLIMIT_NPROC check from set_user() todo_execve_common()"
Previous message: Liu Yuan: "Re: [RFC PATCH]vhost-blk: In-kernel accelerator for virtio blockdevice"
In reply to: Vasiliy Kulikov: "Re: [kernel-hardening] Re: [patch v2] move RLIMIT_NPROC check fromset_user() to do_execve_common()"
Next in thread: Vasiliy Kulikov: "[patch v3] move RLIMIT_NPROC check from set_user() todo_execve_common()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]