| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20160104.164435.2254202571374844451.davem@davemloft.net> Date: Mon, 04 Jan 2016 16:44:35 -0500 (EST) From: David Miller <davem@...emloft.net> To: unlisted-recipients:; (no To-header on input) Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org, torvalds@...ux-foundation.org, edumazet@...gle.com, hannes@...essinduktion.org, socketpair@...il.com Subject: Re: [PATCH] unix: properly account for FDs passed over unix sockets From: Willy Tarreau <w@....eu> Date: Mon, 28 Dec 2015 15:14:35 +0100 > It is possible for a process to allocate and accumulate far more FDs than > the process' limit by sending them over a unix socket then closing them > to keep the process' fd count low. > > This change addresses this problem by keeping track of the number of FDs > in flight per user and preventing non-privileged processes from having > more FDs in flight than their configured FD limit. > > Reported-by: socketpair@...il.com > Suggested-by: Linus Torvalds <torvalds@...ux-foundation.org> > Signed-off-by: Willy Tarreau <w@....eu> > --- > It would be nice if (if accepted) it would be backported to -stable as the > issue is currently exploitable. As mentioned, please remove the unix_sock_count variable and associated code as it is completely unused after this patch. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists