lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Wed, 9 May 2012 17:49:28 -0700
From:	Maciej Żenczykowski <zenczykowski@...il.com>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	James Morris <jmorris@...ei.org>, Neil Brown <neilb@...e.de>,
	Vasiliy Kulikov <segoon@...nwall.com>
Subject: Re: setuid and RLIMIT_NPROC and 3.1+

> Well, those bggy apps have to be really *odd* buggy apps now. IOW,
> they need to do setuid(), and then not execve(). At that point, they
> really do have to check the error return, since there is no execve()
> for them to check.
>
> In the end, we can do only so much to counter buggy apps. I think my
> patch is a reasonable "we can try to give the error at execve() time,
> but if somebody does tons of setuid() without ever doing the execve(),
> at some point they do have to check the error return of setuid()
> itself".
>
> I suspect most users of setuid() are good and check the error return.

If you return EAGAIN from setuid, because we've run into the hard
limit, and userspace doesn't check it, then the exec will still
succeed, and we'll end up running the exec'ed code as root.
Which re-introduces the same bug this was trying to fix.  At that
point we might as well just revert the 3.1 commit.

(what if soft and hard nproc limits are the same? then it's always
EAGAIN, so the bug is always reintroduced)

In my opinion the buggy apps should be fixed and the 3.1 commit should
be reverted both in upcoming 3.4 and in stable 3.1/3.2/3.3.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ