[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20090107190230.GB11037@ioremap.net>
Date: Wed, 7 Jan 2009 22:02:30 +0300
From: Evgeniy Polyakov <zbr@...emap.net>
To: "C. Scott Ananian" <cscott@...top.org>
Cc: Michael Stone <michael@...top.org>, linux-kernel@...r.kernel.org,
netdev@...r.kernel.org
Subject: Re: [PATCH] Security: Implement and document RLIMIT_NETWORK.
On Wed, Jan 07, 2009 at 01:35:13PM -0500, C. Scott Ananian (cscott@...top.org) wrote:
> I haven't reviewed the patch to confirm this, but this is how I would
> expect RLIMIT_NETWORK functions. A trusted process like inetd (say)
> would accept a network connection and create a file handle. It would
> then fork, drop the hard and soft RLIMIT_NETWORK to 0, and then exec
> the untrusted client program. This would allow the untrusted program
> to use the 'trusted' network resource via the open file handle, but
> prevent it from (say) leaking sensitive transaction data by making
> further connections to some other network resource. (There are better
> use cases than inetd, of course.)
So effectively it requires higher-prio process to set the limit and then
drop own priviledges. And by default network rlimit is turned off, so
this does not work for usual processes?
The same inetd may setup iptables rule btw. I do not say this is the way
to go, just that it already exists.
> According to man 2 setrlimit, "A child process created via fork(2)
> inherits its parent's resource limits. Resource limits are preserved
> across execve(2).".
Yes, rlimits are copied in copy_signal(), but when parent sets the
rlimit it is not updated in the childs, so was my question, sorry for
confusion.
--
Evgeniy Polyakov
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists