Message-ID: <20080304200701.GA5599@ucw.cz>
Date:	Tue, 4 Mar 2008 21:07:01 +0100
From:	Pavel Machek <pavel@....cz>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	Peter Zijlstra <a.p.zijlstra@...llo.nl>,
	Michael Kerrisk <michael.kerrisk@...glemail.com>,
	aaw <aaw@...gle.com>, Andrew Morton <akpm@...ux-foundation.org>,
	michael.kerrisk@...il.com, carlos@...esourcery.com,
	Alan Cox <alan@...rguk.ukuu.org.uk>,
	linux-kernel <linux-kernel@...r.kernel.org>, drepper@...hat.com,
	mtk.manpages@...il.com
Subject: Re: [RFC/PATCH] RLIMIT_ARG_MAX

On Fri 2008-02-29 09:29:19, Linus Torvalds wrote:
> 
> 
> On Fri, 29 Feb 2008, Peter Zijlstra wrote:
> >
> > > ... and what's the point? We've never had it before, nobody has ever cared, 
> > > and the whole notion is just stupid. Why would we want to limit it? The 
> > > only thing that the kernel *cares* about is the stack size - any other 
> > > size limits are always going to be arbitrary.
> > 
> > Well, don't think of limiting it, but querying the limit.
> > 
> > Programs like xargs would need to know how much to stuff into argv
> > before starting a new invocation.
> 
> But they already can't really do that. More importantly, isn't it better 
> to just use the whole stack size then (or just return "stack size / 4" or 
> whatever)?

Using whole stack smells like a security problem to me.

...pass so many parameters that passwd dies on stack shortage. Make
sure passwd grabbed some system-wide lock before dying.

						Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
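
The budgeting question raised in the thread (how much an xargs-like program may put into argv, and why it should not fill the whole stack), as an added example that is not part of the original message or of any project's code. `arg_budget`, `count_batches` and the `headroom` parameter are hypothetical names, and the quarter-of-stack cap follows the "stack size / 4" suggestion quoted above.

```c
#include <stddef.h>
#include <string.h>
#include <sys/resource.h>
#include <unistd.h>

extern char **environ;

/* Bytes one string occupies at exec time: text, NUL, and its pointer slot. */
static size_t str_cost(const char *s) { return strlen(s) + 1 + sizeof(char *); }

/* Hypothetical helper: conservative argv budget for a child process.
 * Smaller of sysconf(_SC_ARG_MAX) and a quarter of the soft stack limit
 * (the "stack size / 4" idea from the thread), minus the environment and
 * `headroom` bytes left free for the child. Returns 0 if nothing is left. */
size_t arg_budget(size_t headroom)
{
    struct rlimit rl;
    long arg_max = sysconf(_SC_ARG_MAX);
    size_t limit = arg_max > 0 ? (size_t)arg_max : 0;
    size_t used = headroom + sizeof(char *);        /* envp NULL terminator */
    if (getrlimit(RLIMIT_STACK, &rl) == 0 && rl.rlim_cur != RLIM_INFINITY) {
        size_t quarter = (size_t)(rl.rlim_cur / 4);
        if (limit == 0 || quarter < limit)
            limit = quarter;
    }
    for (char **e = environ; e && *e; e++)
        used += str_cost(*e);
    return limit > used ? limit - used : 0;
}

/* Invocations needed to pass items[0..n) after the command word `cmd` with
 * no single argv above `budget` bytes; -1 if one item cannot fit alone. */
long count_batches(const char *cmd, const char *const *items, size_t n, size_t budget)
{
    size_t base = str_cost(cmd) + sizeof(char *);   /* argv NULL terminator */
    size_t used = base;
    long batches = n ? 1 : 0;
    for (size_t i = 0; i < n; i++) {
        size_t c = str_cost(items[i]);
        if (base + c > budget)
            return -1;
        if (used + c > budget) {                    /* start a new invocation */
            batches++;
            used = base;
        }
        used += c;
    }
    return batches;
}
```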