lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 11 Sep 2008 12:22:19 -0700
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Adam Tkac <vonsch@...il.com>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2.6.27-rc5] Allow set RLIMIT_NOFILE to RLIM_INFINITY

On Thu, 11 Sep 2008 09:54:38 +0200
Adam Tkac <vonsch@...il.com> wrote:

> On Wed, Sep 10, 2008 at 02:31:41PM -0700, Andrew Morton wrote:
> > On Tue, 9 Sep 2008 09:14:07 +0200
> > Adam Tkac <vonsch@...il.com> wrote:
> > 
> > > when process wants set limit of open files to RLIM_INFINITY it gets
> > > EPERM even if it has CAP_SYS_RESOURCE capability. Attached patch
> > > should fix the problem. Please add me to CC of your responses because
> > > I'm not member of list.
> > > 
> > > Regards, Adam
> > > 
> > > -- 
> > > Adam Tkac
> > > 
> > > 
> > > [linux26-openfiles.patch  text/plain (634B)]
> > > --- a/kernel/sys.c
> > > +++ b/kernel/sys.c
> > > @@ -1458,8 +1458,14 @@ asmlinkage long sys_setrlimit(unsigned i
> > >  	if ((new_rlim.rlim_max > old_rlim->rlim_max) &&
> > >  	    !capable(CAP_SYS_RESOURCE))
> > >  		return -EPERM;
> > > -	if (resource == RLIMIT_NOFILE && new_rlim.rlim_max > sysctl_nr_open)
> > > -		return -EPERM;
> > > +	if (resource == RLIMIT_NOFILE) {
> > > +		if (new_rlim.rlim_max == RLIM_INFINITY)
> > > +			new_rlim.rlim_max = sysctl_nr_open;
> > > +		if (new_rlim.rlim_cur == RLIM_INFINITY)
> > > +			new_rlim.rlim_cur = sysctl_nr_open;
> > > +		if (new_rlim.rlim_max > sysctl_nr_open)
> > > +			return -EPERM;
> > > +	}
> > 
> > The kernel has had this behaviour for a long time.  2.6.13 had:
> > 
> > 	if ((new_rlim.rlim_max > old_rlim->rlim_max) &&
> > 	    !capable(CAP_SYS_RESOURCE))
> > 		return -EPERM;
> > 	if (resource == RLIMIT_NOFILE && new_rlim.rlim_max > NR_OPEN)
> > 			return -EPERM;
> > 
> > I don't immediately see a problem with your change, but what makes you
> > believe that it is needed?  Is there some standard which we're
> > violating?  Is there some operational situation in which the current
> > behaviour is causing a problem?
> > 
> > Thanks.
> 
> Well, this change is not _absolutely_ needed because everyone who wants
> unlimited file descriptors he could set it to NR_OPEN. Look on
> example (from BIND):
> 
> ...
> #elif defined(NR_OPEN) && defined(__linux__)
>         /*
>          * Some Linux kernels don't accept RLIM_INFINIT; the maximum
>          * possible value is the NR_OPEN defined in linux/fs.h.
>          */
>         if (resource == isc_resource_openfiles && rlim_value == RLIM_INFINITY) {
>                 rl.rlim_cur = rl.rlim_max = NR_OPEN;
>                 unixresult = setrlimit(unixresource, &rl);
>                 if (unixresult == 0)
>                         return (ISC_R_SUCCESS);
>         }
> #elif ...
> 
> I think that when you allow set RLIMIT_NOFILE to RLIM_INFINITY you
> increase portability - you don't have to check if OS is linux and then
> use different schema for limits.
> 

OK.

I updated the changelog as below.

Please send a Signed-off-by: for thsi change, as per section 12 of
Documentation/SubmittingPatches.

Thanks.

From: Adam Tkac <vonsch@...il.com>

When a process wants to set the limit of open files to RLIM_INFINITY it
gets EPERM even if it has CAP_SYS_RESOURCE capability.

For example, BIND does:

...
#elif defined(NR_OPEN) && defined(__linux__)
        /*
         * Some Linux kernels don't accept RLIM_INFINIT; the maximum
         * possible value is the NR_OPEN defined in linux/fs.h.
         */
        if (resource == isc_resource_openfiles && rlim_value == RLIM_INFINITY) {
                rl.rlim_cur = rl.rlim_max = NR_OPEN;
                unixresult = setrlimit(unixresource, &rl);
                if (unixresult == 0)
                        return (ISC_R_SUCCESS);
        }
#elif ...

If we allow setting RLIMIT_NOFILE to RLIM_INFINITY we increase portability
- you don't have to check if OS is linux and then use different schema for
limits.

The spec says "Specifying RLIM_INFINITY as any resource limit value on a
successful call to setrlimit() shall inhibit enforcement of that resource
limit." and we're presently not doing that.

Cc: Michael Kerrisk <mtk.manpages@...glemail.com>
Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
---

 kernel/sys.c |   10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff -puN kernel/sys.c~rlimit-permit-setting-rlimit_nofile-to-rlim_infinity kernel/sys.c
--- a/kernel/sys.c~rlimit-permit-setting-rlimit_nofile-to-rlim_infinity
+++ a/kernel/sys.c
@@ -1532,8 +1532,14 @@ asmlinkage long sys_setrlimit(unsigned i
 	if ((new_rlim.rlim_max > old_rlim->rlim_max) &&
 	    !capable(CAP_SYS_RESOURCE))
 		return -EPERM;
-	if (resource == RLIMIT_NOFILE && new_rlim.rlim_max > sysctl_nr_open)
-		return -EPERM;
+	if (resource == RLIMIT_NOFILE) {
+		if (new_rlim.rlim_max == RLIM_INFINITY)
+			new_rlim.rlim_max = sysctl_nr_open;
+		if (new_rlim.rlim_cur == RLIM_INFINITY)
+			new_rlim.rlim_cur = sysctl_nr_open;
+		if (new_rlim.rlim_max > sysctl_nr_open)
+			return -EPERM;
+	}
 
 	retval = security_task_setrlimit(resource, &new_rlim);
 	if (retval)
_

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ