Re: [PATCH] RLIMIT_NPROC enforcement during execve() calls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 18 Apr 2005 20:07:04 +0200, Lorenzo =?ISO-8859-1?Q?Hern=E1ndez_?= =?ISO-8859-1?Q?Garc=EDa-Hierro?= said:

> The limit is only checked when process is created on a fork() call, but
> during execution it's uid can change, thus, the limit for the new uid
> could be exceed.

The only two ways I can see this happening are (1) if the process is running
as uid 0 (or capability-equivalent) at fork() time and have called set*uid()
before execve(), or (2) we just exec'ed a set-UID binary.

In both cases the "obvious" thing to do is to re-check the target UID's rlimit,
but there may be some squirrelly corner case where this isn't true...

Attachment: pgpsKta3Tk63Q.pgp
Description: PGP signature


[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux