| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5dwt933ku5.fsf@attruh.keh.iki.fi> Date: 20 Aug 2006 10:52:34 +0300 From: Kari Hurtta <hurtta+gmane@...lo.fmi.fi> To: linux-kernel@...r.kernel.org Subject: Re: [PATCH] set*uid() must not fail-and-return on OOM/rlimits Solar Designer <solar@...nwall.com> writes in gmane.linux.kernel > Attached is a trivial patch (extracted from 2.4.33-ow1) that makes > set*uid() kill the current process rather than proceed with -EAGAIN when > the kernel is running out of memory. Apparently, alloc_uid() can't fail > and return anyway due to properties of the allocator, in which case the > patch does not change a thing. But better safe than sorry. > > As you're probably aware, 2.6 kernels are affected to a greater extent, > where set*uid() may also fail on trying to exceed RLIMIT_NPROC. That > needs to be fixed, too. > > Opinions are welcome. Perhaps stupid suggestion: Should there be new signal for 'failure to drop privileges' ? ( perhaps SIGPRIV or is this name free ) By default signal terminates process. By setting this to SIG_IGN this allows deamons handle situation when becoming to user failed and give proper error message. Still unaware root processes are killed and not causing privilge escalation. / Kari Hurtta - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists