Re: setuid and RLIMIT_NPROC and 3.1+

From: Linus Torvalds
Date: Wed May 09 2012 - 19:50:50 EST

Next message: Steven Rostedt: "Re: [PATCH] trace: power: add trace_clock_set_parent"
Previous message: Mark Brown: "[PATCH 5/6] regulator: wm8350: Convert LDOs to set_voltage_sel()"
In reply to: Linus Torvalds: "Re: setuid and RLIMIT_NPROC and 3.1+"
Next in thread: Maciej Åenczykowski: "Re: setuid and RLIMIT_NPROC and 3.1+"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, May 9, 2012 at 4:46 PM, Maciej Åenczykowski
<zenczykowski@xxxxxxxxx> wrote:
>
> Doesn't that just reintroduce the security 'hole' in buggy userspace apps
> that the original patch was attempting to fix?

Well, those bggy apps have to be really *odd* buggy apps now. IOW,
they need to do setuid(), and then not execve(). At that point, they
really do have to check the error return, since there is no execve()
for them to check.

In the end, we can do only so much to counter buggy apps. I think my
patch is a reasonable "we can try to give the error at execve() time,
but if somebody does tons of setuid() without ever doing the execve(),
at some point they do have to check the error return of setuid()
itself".

I suspect most users of setuid() are good and check the error return.

Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Steven Rostedt: "Re: [PATCH] trace: power: add trace_clock_set_parent"
Previous message: Mark Brown: "[PATCH 5/6] regulator: wm8350: Convert LDOs to set_voltage_sel()"
In reply to: Linus Torvalds: "Re: setuid and RLIMIT_NPROC and 3.1+"
Next in thread: Maciej Åenczykowski: "Re: setuid and RLIMIT_NPROC and 3.1+"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]