Date:	Thu, 1 Oct 2009 13:15:38 -0400
From:	Neil Horman <nhorman@...driver.com>
To:	linux-kernel@...r.kernel.org
Cc:	akpm@...ux-foundation.org, nhorman@...driver.com
Subject: Re: [PATCH 0/3] extend get/setrlimit to support setting rlimits
	external to a process (v3)

Ok, here's attempt number 3, in response to your thoughts and concerns, Andrew.

Change Notes:
1) Kept ability to set/get rlimits via /proc/pid/limits as in the previous
patches

2) Augmented the patchset with 2 new syscall defines, getprlimit and setprlimit,
which take a pid_t as an additional argument, allowing a user to specify a
process id for the rlimits in question.  The core code for setting rlimits is
shared with the previous patch, and is in do_setrlimit, so that all the security
checks and such remain unaltered.

3) Add syscall numbers to asm-generic/unistd.h so that any arch using the
generic syscall code picks up these new syscalls.  I figure I don't have access
to systems that don't use that code, so I should probably leave those changes up
to the arch maintainers.


Summary

It's been requested often that we have the ability to read and modify process
rlimit values from contexts external to the owning process.  Ideally this allows
sysadmins to adjust rlimits on long running processes without the need to stop
and restart those processes, which incurs undesirable downtime.  This patch
enables that functionality.  It does so in two places.  First it enables process
limit setting by writing to the /proc/pid/limits file a string in the format:
<limit> <current limit> <max limit> > /proc/<pid>/limits
where limit is one of
[as,core,cpu,data,fsize,locks,memlock,msgqueue,nice,nofile,nproc,rss,rtprio,rttime]

Secondly it allows for programmatic setting of these limits via 2 new syscalls,
getprlimit, and setprlimit, which act in an identical fashion to getrlimit and
setrlimit respectively, except that they accept a process id as an extra
argument, to specify the process id of the rlimit values that you wish to
read/write.

Signed-off-by: Neil Horman <nhorman@...driver.com>
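
The write format described in the summary, as an added userspace C example that is not part of the original message, the patch set or the kernel: it parses a "<limit> <current limit> <max limit>" line and applies the two checks documented for setrlimit(2) (soft limit must not exceed hard limit; raising the hard limit requires CAP_SYS_RESOURCE). The function names, the decimal-or-"unlimited" value syntax and the has_cap flag are assumptions made for the example.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>

/* Names from the message's list, mapped to the matching RLIMIT_* resource. */
static const struct { const char *name; int res; } limit_names[] = {
    {"as", RLIMIT_AS}, {"core", RLIMIT_CORE}, {"cpu", RLIMIT_CPU},
    {"data", RLIMIT_DATA}, {"fsize", RLIMIT_FSIZE}, {"locks", RLIMIT_LOCKS},
    {"memlock", RLIMIT_MEMLOCK}, {"msgqueue", RLIMIT_MSGQUEUE},
    {"nice", RLIMIT_NICE}, {"nofile", RLIMIT_NOFILE}, {"nproc", RLIMIT_NPROC},
    {"rss", RLIMIT_RSS}, {"rtprio", RLIMIT_RTPRIO}, {"rttime", RLIMIT_RTTIME},
};

/* Assumption: values are decimal, or the word "unlimited" for RLIM_INFINITY. */
static int parse_value(const char *s, rlim_t *out)
{
    char *end;
    unsigned long long v;

    if (strcmp(s, "unlimited") == 0) { *out = RLIM_INFINITY; return 0; }
    if (!isdigit((unsigned char)s[0])) return -EINVAL;  /* rejects "-1", "+1" */
    errno = 0;
    v = strtoull(s, &end, 10);
    if (errno || *end != '\0') return -EINVAL;          /* overflow or junk */
    *out = (rlim_t)v;
    return 0;
}

/* Parse "<limit> <current limit> <max limit>"; 0 on success, else -EINVAL. */
int parse_limit_request(const char *line, int *res, struct rlimit *rl)
{
    char name[16], cur[32], max[32], junk;
    size_t i;

    if (sscanf(line, "%15s %31s %31s %c", name, cur, max, &junk) != 3)
        return -EINVAL;                                 /* too few or too many fields */
    if (parse_value(cur, &rl->rlim_cur) || parse_value(max, &rl->rlim_max))
        return -EINVAL;
    for (i = 0; i < sizeof(limit_names) / sizeof(limit_names[0]); i++)
        if (strcmp(name, limit_names[i].name) == 0) { *res = limit_names[i].res; return 0; }
    return -EINVAL;                                     /* unknown limit name */
}

/* setrlimit(2) semantics: soft <= hard; raising hard needs CAP_SYS_RESOURCE. */
int check_limit_request(const struct rlimit *old, const struct rlimit *new_rl, int has_cap)
{
    if (new_rl->rlim_cur > new_rl->rlim_max) return -EINVAL;
    if (new_rl->rlim_max > old->rlim_max && !has_cap) return -EPERM;
    return 0;
}
```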
