El lun, 18-04-2005 a las 18:43 +0100, Christoph Hellwig escribió: > On Mon, Apr 18, 2005 at 07:38:57PM +0200, Lorenzo Hern?ndez Garc?a-Hierro wrote: > > Enforces the RLIMIT_NPROC limit by adding an additional check for > > execve(), as > > such limit is checked only during fork() calls. > > What's the point? exec doesn't create new process and exec() shouldn't > start to fail just because someone lowered the rlimit a short while ago. The limit is only checked when process is created on a fork() call, but during execution it's uid can change, thus, the limit for the new uid could be exceed. It comes from the Openwall kernel patch, as well implemented in grSecurity and vSecurity. Cheers, -- Lorenzo Hernández García-Hierro <[email protected]> [1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]
Attachment:
signature.asc
Description: This is a digitally signed message part
- Follow-Ups:
- References:
- [PATCH] RLIMIT_NPROC enforcement during execve() calls
- From: Lorenzo Hernández García-Hierro <[email protected]>
- Re: [PATCH] RLIMIT_NPROC enforcement during execve() calls
- From: Christoph Hellwig <[email protected]>
- [PATCH] RLIMIT_NPROC enforcement during execve() calls
- Prev by Date: Re: [patch 130/198] ext2 corruption - regression between 2.6.9 and 2.6.10
- Next by Date: dbench performance on cifs to Samba
- Previous by thread: Re: [PATCH] RLIMIT_NPROC enforcement during execve() calls
- Next by thread: Re: [PATCH] RLIMIT_NPROC enforcement during execve() calls
- Index(es):
 |