Message-ID: <alpine.LFD.1.00.0802291316000.17889@woody.linux-foundation.org>
Date:	Fri, 29 Feb 2008 13:34:21 -0800 (PST)
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	Michael Kerrisk <michael.kerrisk@...glemail.com>
cc:	Peter Zijlstra <a.p.zijlstra@...llo.nl>, aaw <aaw@...gle.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	carlos@...esourcery.com, Alan Cox <alan@...rguk.ukuu.org.uk>,
	linux-kernel <linux-kernel@...r.kernel.org>, drepper@...hat.com,
	mtk.manpages@...il.com, Geoff Clare <gwc@...ngroup.org>
Subject: Re: [RFC/PATCH] RLIMIT_ARG_MAX



On Fri, 29 Feb 2008, Michael Kerrisk wrote:

> On Fri, Feb 29, 2008 at 9:07 PM, Linus Torvalds
> >
> >  > >  I agree. And clearly there _are_ relationships and always have been, but
> >  > >  equally clearly they simply haven't been a big issue in practice, and
> >  > >  nobody really cares.
> >  >
> >  > Do we know that for sure?
> >
> >  We *do* know for sure that the relationship has always been there. At
> >  least in Linux, and I bet in 99% of all other Unixes too. The arguments
> >  simply have traditionally been counted as part of the stack size.
> >
> >  Or did you mean the latter part?
> 
> I meant: do we know for sure that no one really cares?

Well, what I have tried to argue is that even if they care, the patch 
won't actually really help. It just moves existing behaviour around a bit, 
but leaves all the fundamental issues totally untouched in that it may 
count the strings, but not the pointers themselves etc.

More importantly, anybody who would depend on any new behaviour would 
still be screwed on all other platforms - including older Linux ones - in 
that they'd depend on some very specific behaviour that simply isn't going 
to be there in other cases.

So yeah, I can see that people could care, but they *shouldn't*.

> The new rlimit is primarily for the (supposed) applications that care
> about knowing (at least approximately) what _SC_ARG_MAX is.  I raised
> the initial bug report against glibc because applications can no
> longer (post 2.6.23) do this, but I haven't done the investigation
> about how many applications actually care.

Very few reasonably can. The thing is, in order to care, you have to count 
things like your own environment space etc, and you have to know that 
there is something you can even *do* about it if the counts go wrong.

So in practice, I think it's just about things like "xargs" and very few 
actual applications. 

I did try to do a google codesearch on "sysconf(_SC_ARG_MAX)" and it 
exists, but there wasn't a whole lot. The most logical one (and the one 
that didn't prefer the ARG_MAX #define) was the built-in xargs in ksh.

But I really didn't look very hard, just a few screenfuls of codesearch.

Realistically, "xargs" really is the main user. *Most* users of execve() 
simply either want all their arguments or none. It's not that common that 
somebody says "ok, I have a ton of arguments, but if you limit them I'll 
just use a fraction of them".

			Linus
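
The accounting a caller has to do before a value from sysconf(_SC_ARG_MAX) is of any use, as discussed in the message above, shown as an added C example that is not part of the original post or of any xargs implementation. The helper names, the cost model that charges one pointer per string, and the 2048-byte headroom are assumptions for illustration; the kernel's own accounting may differ.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

extern char **environ;

/* Cost of a NULL-terminated argv/envp vector: every string with its NUL,
 * one pointer per entry, plus the terminating NULL pointer. Counting the
 * pointers is an assumption made here to stay conservative. */
static size_t vec_cost(char *const vec[])
{
    size_t total = sizeof(char *);
    for (size_t i = 0; vec[i] != NULL; i++)
        total += strlen(vec[i]) + 1 + sizeof(char *);
    return total;
}

/* Bytes left for arguments once the environment and a safety headroom are
 * charged against the limit; 0 if the limit is unknown (-1) or used up. */
static size_t arg_budget(long arg_max, char *const envp[], size_t headroom)
{
    size_t used = vec_cost(envp) + headroom;
    if (arg_max <= 0 || (size_t)arg_max <= used)
        return 0;
    return (size_t)arg_max - used;
}

/* How many of args[0..n) fit after the fixed command words in one exec. */
static size_t batch_fit(char *const cmd[], char *const args[], size_t n,
                        size_t budget)
{
    size_t used = vec_cost(cmd), k = 0;
    if (used > budget)
        return 0;
    while (k < n && strlen(args[k]) + 1 + sizeof(char *) <= budget - used)
        used += strlen(args[k++]) + 1 + sizeof(char *);
    return k;
}

int main(void)
{
    char *cmd[] = { "echo", NULL };                       /* constructed sample */
    char *args[] = { "alpha", "beta", "gamma", "delta" }; /* constructed sample */
    size_t budget = arg_budget(sysconf(_SC_ARG_MAX), environ, 2048);
    printf("budget=%zu bytes, batch=%zu of 4\n", budget,
           batch_fit(cmd, args, 4, budget));
    return 0;
}
```

A result of 0 from `arg_budget` means the caller cannot split its work safely and has to fail or fall back, which is the "something you can even *do* about it" condition the message describes.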