lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 15 Feb 2022 11:25:18 +0100 From: Michal Koutný <mkoutny@...e.com> To: "Eric W. Biederman" <ebiederm@...ssion.com> Cc: Solar Designer <solar@...nwall.com>, linux-kernel@...r.kernel.org, Alexey Gladkov <legion@...nel.org>, Kees Cook <keescook@...omium.org>, Shuah Khan <shuah@...nel.org>, Christian Brauner <brauner@...nel.org>, Ran Xiaokai <ran.xiaokai@....com.cn>, stable@...r.kernel.org Subject: Re: [PATCH 3/8] ucounts: Fix and simplify RLIMIT_NPROC handling during setuid()+execve On Mon, Feb 14, 2022 at 09:10:49AM -0600, "Eric W. Biederman" <ebiederm@...ssion.com> wrote: > I really like how cleanly this patch seems to be. Unfortunately it is > wrong. It seems [1] so: setuid() // RLIMIT_NPROC is fine at this moment ... fork() ... ... fork() execve() // eh, oh This "punishes" the exec'ing task although the cause is elsewhere. Michal [1] The decoupled setuid()+execve() check can be interpretted both ways. I understood historically the excess at the setuid() moment is relevant.
Powered by blists - more mailing lists