| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 19 Aug 2016 07:48:18 +0200
From: Willy Tarreau <w@....eu>
To: "Michael Kerrisk (man-pages)" <mtk.manpages@...il.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
Vegard Nossum <vegard.nossum@...cle.com>, socketpair@...il.com,
Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>,
Jens Axboe <axboe@...com>, Al Viro <viro@...iv.linux.org.uk>,
linux-api@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 4/8] pipe: fix limit checking in pipe_set_size()
Hi Michael,
Since you're changing this code, it's probably worth swapping the size
check and capable() below to save a function call in the normal path :
On Fri, Aug 19, 2016 at 05:25:35PM +1200, Michael Kerrisk (man-pages) wrote:
> + if (nr_pages > pipe->buffers) {
> + if (!capable(CAP_SYS_RESOURCE) && size > pipe_max_size) {
=> if (size > pipe_max_size && !capable(CAP_SYS_RESOURCE)) {
> + ret = -EPERM;
> + goto out_revert_acct;
> + } else if ((too_many_pipe_buffers_hard(pipe->user) ||
> + too_many_pipe_buffers_soft(pipe->user)) &&
> + !capable(CAP_SYS_RESOURCE) &&
> + !capable(CAP_SYS_ADMIN)) {
> + ret = -EPERM;
> + goto out_revert_acct;
> + }
> + }
(...)
Cheers,
Willy
Powered by blists - more mailing lists