lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 29 Feb 2008 09:12:36 -0800 (PST)
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	Michael Kerrisk <michael.kerrisk@...glemail.com>
cc:	Peter Zijlstra <a.p.zijlstra@...llo.nl>, aaw <aaw@...gle.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	michael.kerrisk@...il.com, carlos@...esourcery.com,
	Alan Cox <alan@...rguk.ukuu.org.uk>,
	linux-kernel <linux-kernel@...r.kernel.org>, drepper@...hat.com,
	mtk.manpages@...il.com
Subject: Re: [RFC/PATCH] RLIMIT_ARG_MAX



On Fri, 29 Feb 2008, Michael Kerrisk wrote:

> >  What's the real advantage of this? I'm not seeing it. Just an extra
> >  complexity "niceness" that nobody can rely on anyway since it's not even
> >  specified, and older kernels won't do it.
> 
> The advantages are the following:
> 
> 1. We don't break the ABI.  in 2.6.23, RLIMIT_STACK acquired an
> additional semantic: RLIMIT_STACK/4 specified the size for
> argv+environ.

So maybe we should change *that* then, and just allow arg/env to be more 
than 25%.

> 2. It provides a sane mechanism for an application to determine the
> space available for argv+environ.  Formerly this space was an
> invariant, advertised via sysconf(_SC_ARG_MAX).

.. and what's the point? We've never had it before, nobody has ever cared, 
and the whole notion is just stupid. Why would we want to limit it? The 
only thing that the kernel *cares* about is the stack size - any other 
size limits are always going to be arbitrary.

> 3. The implementation details about stack size and size/location of
> argv+environ can be decoupled.

Now, this is a potentially interesting argument, but is it true (ie don't 
we have programs that know about the status quo) and are people actually 
planning on doing that (for what reason?) or is it just a theoretical one?

		Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ