lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CA+55aFyVQ_cfmHbXKA2DhdmKDu9dg=OFerCXW=D5KqF4W=8sjw@mail.gmail.com>
Date:   Mon, 10 Jul 2017 11:24:55 -0700
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Michal Hocko <mhocko@...nel.org>
Cc:     Kees Cook <keescook@...omium.org>,
        Andy Lutomirski <luto@...nel.org>,
        "Eric W. Biederman" <ebiederm@...ssion.com>,
        Ben Hutchings <ben@...adent.org.uk>,
        Hugh Dickins <hughd@...gle.com>,
        Oleg Nesterov <oleg@...hat.com>,
        "Jason A. Donenfeld" <Jason@...c4.com>,
        Rik van Riel <riel@...hat.com>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] exec: Limit arg stack to at most _STK_LIM / 4 * 3

On Mon, Jul 10, 2017 at 8:59 AM, Michal Hocko <mhocko@...nel.org> wrote:
>
> We will always need some gap inforcement.

Considering the Java issue, that's rather questionable.

We really can't be breaking libreoffice. That's like a big classic
no-no - it affects normal users that simply cannot be expected to work
around it. For them, it's a "my office application no longer works"
situation, and they just think the system is flaky.

Now, somebody who explicitly raised the stack limit past 24MB and gets
bit because he also tries to use more than 6M of arguments - that's
actually a different issue. Let's see if anybody ever even complains,
and then we might make it a "only for suid binaries" thing.

But honestly, a security limit that isn't tested in normal working is
not a security limit at all, it's just theory and likely bullshit. So
I'd much rather *not* make it suid-specific if at all possible. That
way it has some chance in hell of actually getting tested.

                    Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ