[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 7 Jul 2017 11:57:29 -0700
From: Kees Cook <keescook@...omium.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Andy Lutomirski <luto@...nel.org>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Michal Hocko <mhocko@...nel.org>,
Ben Hutchings <ben@...adent.org.uk>,
Hugh Dickins <hughd@...gle.com>,
Oleg Nesterov <oleg@...hat.com>,
"Jason A. Donenfeld" <Jason@...c4.com>,
Rik van Riel <riel@...hat.com>, linux-kernel@...r.kernel.org
Subject: [PATCH] exec: Limit arg stack to at most _STK_LIM / 4 * 3
To avoid pathological stack usage or the need to special-case setuid
execs, just limit all arg stack usage to at most _STK_LIM / 4 * 3 (6MB).
Signed-off-by: Kees Cook <keescook@...omium.org>
---
fs/exec.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/fs/exec.c b/fs/exec.c
index 904199086490..ddca2cf15f71 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -221,7 +221,6 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
if (write) {
unsigned long size = bprm->vma->vm_end - bprm->vma->vm_start;
unsigned long ptr_size;
- struct rlimit *rlim;
/*
* Since the stack will hold pointers to the strings, we
@@ -250,14 +249,15 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
return page;
/*
- * Limit to 1/4-th the stack size for the argv+env strings.
+ * Limit to 1/4 of the max stack size or 3/4 of _STK_LIM
+ * (whichever is smaller) for the argv+env strings.
* This ensures that:
* - the remaining binfmt code will not run out of stack space,
* - the program will have a reasonable amount of stack left
* to work from.
*/
- rlim = current->signal->rlim;
- if (size > READ_ONCE(rlim[RLIMIT_STACK].rlim_cur) / 4)
+ if (size > min_t(unsigned long, rlimit(RLIMIT_STACK) / 4,
+ _STK_LIM / 4 * 3))
goto fail;
}
--
2.7.4
--
Kees Cook
Pixel Security
Powered by blists - more mailing lists