Re: [PATCH 1/1] threads_max: Simple lockout prevention patch

Al Boldi <[email protected]> wrote:
>
> This is another resend, which was ignored before w/o comment.
> Andrew, can you at least comment on it?  Thanks!
> 

I don't have a clue what it's for.

> 
> Simple attempt to provide a backdoor in a process lockout situation.
> 
> echo $$ > /proc/sys/kernel/su-pid allows pid to exceed the threads_max limit.
> 
> Note that this patch incurs zero runtime-overhead.
> 
> Signed-off-by: Al Boldi <[email protected]>
> 
> ---
> (patch against 2.6.14)
> 
> --- kernel/fork.c.orig  2005-11-14 20:55:33.000000000 +0300
> +++ kernel/fork.c       2005-11-14 20:58:25.000000000 +0300

Please prepare patches in `patch -p1' form.

> @@ -57,6 +57,7 @@
>  int nr_threads;                /* The idle threads do not count.. */
>  
>  int max_threads;               /* tunable limit on nr_threads */
> +int su_pid;		/* BackDoor pid to exceed limit on nr_threads */
>  
>  DEFINE_PER_CPU(unsigned long, process_counts) = 0;
>  
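
Review bot: `su_pid`, added after `max_threads`, is a plain global `int` holding a pid number, so the exemption from the `nr_threads` limit follows whichever task currently has that number rather than the task it was granted to. Pid numbers are recycled, so an unrelated process that later receives the same pid would inherit the bypass. Consider binding the exemption to the task, or clearing it when that task exits. The "BackDoor" comment should also be replaced with one that says who may set the value and what the default means, since the hunk leaves it as a zero-initialised global.
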
> @@ -926,6 +927,7 @@
>          * to stop root fork bombs.
>          */
>         if (nr_threads >= max_threads)
> +       if (p->pid != su_pid)
>                 goto bad_fork_cleanup_count;
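
Review bot: The added `if (p->pid != su_pid)` sits under `if (nr_threads >= max_threads)` at the same indentation, so the limit check reads as two independent tests guarding the `goto`; fold it into one condition, e.g. `if (nr_threads >= max_threads && p->pid != su_pid)`. The comment above says this check exists "to stop root fork bombs", yet the bypass is taken on a bare pid comparison with no capability or credential test visible here. The patch description should state how writes to `su_pid` are restricted and why the exemption cannot be used to defeat the limit.
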

We don't lay code out in that manner.  Not even vaguely.

This check comes after the RLIMIT_PROC check, which is supposed to
eliminate "process lockout situations", although you haven't really defined
that.

>         if (!try_module_get(p->thread_info->exec_domain->module))

Your email client replaces tabs with spaces.

>         KERN_SETUID_DUMPABLE=69, /* int: behaviour of dumps for setuid core 
> */

And it wordwraps.

