| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <48807821.8050504@swiss-it.ch> Date: Fri, 18 Jul 2008 13:01:53 +0200 From: Reto Buerki <buerki@...ss-it.ch> To: linux-kernel@...r.kernel.org Subject: Re: "core dump helper" runs always as root > If we run the usermode helper with the privileges of the dying process, what do > we do about rlimit enforcement? They don't have a PAM environment, so either > they get the default rlimits, or we have to make them inherit their limits from > the dying process. This is very problematic if the process died due to > exceeding an rlimit. I'm not sure if I understand your objection correctly, but I thought RLIMIT_CORE is ignored when using piped syntax with core_pattern. At least this is how I interpret the code and the corresponding comment in do_coredump() (fs/exec.c). The comment explicitly states that there's no need to check RLIMIT_CORE value because file size limits and permissions apply as they do with any other process. There are also no further rlimit checks in usermode helper functions, at least I could not find any ... - reto -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists