lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20061103194611.GA22891@ziggurat.research.nokia.com>
Date:	Fri, 3 Nov 2006 21:46:11 +0200
From:	Guillem Jover <guillem.jover@...ia.com>
To:	linux-kernel@...r.kernel.org
Subject: [PATCH] Allowing user processes to rise their oom_adj value

Currently a user process cannot rise its own oom_adj value (i.e.
unprotecting itself from the OOM killer). As this value is stored
in the task structure it gets inherited and the unprivileged childs
will be unable to rise it.

The EPERM will be handled by the generic proc fs layer, as only
processes with the proper caps or the owner of the process will be
able to write to the file. So we allow only the processes with
CAP_SYS_RESOURCE to lower the value, otherwise it will get an EACCES
which seems more appropriate than EPERM.

Signed-off-by: Guillem Jover <guillem.jover@...ia.com>
---
 fs/proc/base.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/fs/proc/base.c b/fs/proc/base.c
index 8df2740..955bb0a 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -682,8 +682,6 @@ static ssize_t oom_adjust_write(struct f
 	char buffer[PROC_NUMBUF], *end;
 	int oom_adjust;
 
-	if (!capable(CAP_SYS_RESOURCE))
-		return -EPERM;
 	memset(buffer, 0, sizeof(buffer));
 	if (count > sizeof(buffer) - 1)
 		count = sizeof(buffer) - 1;
@@ -698,6 +696,10 @@ static ssize_t oom_adjust_write(struct f
 	task = get_proc_task(file->f_dentry->d_inode);
 	if (!task)
 		return -ESRCH;
+	if (oom_adjust < task->oomkilladj && !capable(CAP_SYS_RESOURCE)) {
+		put_task_struct(task);
+		return -EACCES;
+	}
 	task->oomkilladj = oom_adjust;
 	put_task_struct(task);
 	if (end - buffer == 0)
-- 
1.4.3.3

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ