| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160111162444.GA20163@1wt.eu>
Date: Mon, 11 Jan 2016 17:24:44 +0100
From: Willy Tarreau <w@....eu>
To: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
Cc: viro@...iv.linux.org.uk, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org, torvalds@...ux-foundation.org,
socketpair@...il.com
Subject: Re: [PATCH v2] pipe: limit the per-user amount of pages allocated in pipes
On Tue, Jan 12, 2016 at 01:19:00AM +0900, Tetsuo Handa wrote:
> Willy Tarreau wrote:
> > @@ -1066,7 +1094,8 @@ long pipe_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
> > if (!nr_pages)
> > goto out;
> >
> > - if (!capable(CAP_SYS_RESOURCE) && size > pipe_max_size) {
> > + if (!capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN) &&
> > + (size > pipe_max_size || too_many_pipe_buffers(pipe->user))) {
> > ret = -EPERM;
> > goto out;
> > }
>
> I think we should not check capable(CAP_SYS_ADMIN) for size > pipe_max_size
> case, for checking capable(CAP_SYS_ADMIN) needlessly generates audit logs and
> also loosens permission required for setting size > pipe_max_size.
>
> Also, I think we should not check capable(CAP_SYS_ADMIN) unless
> too_many_pipe_buffers(pipe->user) is true, for checking capable(CAP_SYS_ADMIN)
> needlessly generates audit logs.
>
> Since too_many_unix_fds() requires capable(CAP_SYS_ADMIN) || capable(CAP_SYS_ADMIN),
> I think what we want is something like below?
>
> if (!capable(CAP_SYS_RESOURCE) && size > pipe_max_size) {
> ret = -EPERM;
> goto out;
> } else if (too_many_pipe_buffers(pipe->user) &&
> !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN)) {
> ret = -EPERM;
> goto out;
> }
OK that works for me. Do you have an opinion regarding my other proposal of
soft vs hard limit ?
Thanks,
Willy
Powered by blists - more mailing lists