| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201601120119.JHB51017.JFOFtSOLOMHVFQ@I-love.SAKURA.ne.jp>
Date: Tue, 12 Jan 2016 01:19:00 +0900
From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To: w@....eu, viro@...iv.linux.org.uk
Cc: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
torvalds@...ux-foundation.org, socketpair@...il.com
Subject: Re: [PATCH v2] pipe: limit the per-user amount of pages allocated in pipes
Willy Tarreau wrote:
> @@ -1066,7 +1094,8 @@ long pipe_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
> if (!nr_pages)
> goto out;
>
> - if (!capable(CAP_SYS_RESOURCE) && size > pipe_max_size) {
> + if (!capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN) &&
> + (size > pipe_max_size || too_many_pipe_buffers(pipe->user))) {
> ret = -EPERM;
> goto out;
> }
I think we should not check capable(CAP_SYS_ADMIN) for size > pipe_max_size
case, for checking capable(CAP_SYS_ADMIN) needlessly generates audit logs and
also loosens permission required for setting size > pipe_max_size.
Also, I think we should not check capable(CAP_SYS_ADMIN) unless
too_many_pipe_buffers(pipe->user) is true, for checking capable(CAP_SYS_ADMIN)
needlessly generates audit logs.
Since too_many_unix_fds() requires capable(CAP_SYS_ADMIN) || capable(CAP_SYS_ADMIN),
I think what we want is something like below?
if (!capable(CAP_SYS_RESOURCE) && size > pipe_max_size) {
ret = -EPERM;
goto out;
} else if (too_many_pipe_buffers(pipe->user) &&
!capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN)) {
ret = -EPERM;
goto out;
}
Powered by blists - more mailing lists