On Tue, Jan 09, 2018 at 02:23:32PM -0800, Kees Cook wrote:
> On Sun, Jan 7, 2018 at 9:35 PM, Eric Biggers <ebiggers3@xxxxxxxxx> wrote:
> > From: Eric Biggers <ebiggers@xxxxxxxxxx>
> >
> > pipe-user-pages-hard and pipe-user-pages-soft are only supposed to apply
> > to unprivileged users, as documented in both Documentation/sysctl/fs.txt
> > and the pipe(7) man page.
> >
> > However, the capabilities are actually only checked when increasing a
> > pipe's size using F_SETPIPE_SZ, not when creating a new pipe.
> > Therefore, if pipe-user-pages-hard has been set, the root user can run
> > into it and be unable to create pipes. Similarly, if
> > pipe-user-pages-soft has been set, the root user can run into it and
> > have their pipes limited to 1 page each.
> >
> > Fix this by allowing the privileged override in both cases.
>
> Should this be controlled per-namespace instead of via init-ns caps?
>

I don't think so. Users shouldn't be able to bypass the limits by creating a
user namespace.

Eric
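The following user-space model is an added example, not part of the original mail and not kernel code. It contrasts pipe creation with no privileged override (the behaviour the commit message describes), an override tied to init-namespace capabilities, and a per-namespace override. The struct, enum and function names, the 16-page default, the `>=` comparison and the sample numbers are assumptions of the model.

```c
#include <stdbool.h>
#include <stdio.h>

#define DEF_PIPE_PAGES 16 /* assumed default size of a new pipe, in pages */

/* Hypothetical task model: where does it hold the overriding capability? */
struct task {
    bool init_ns_cap; /* capable in the initial user namespace */
    bool own_ns_cap;  /* capable only inside a user namespace it created */
};

enum policy { NO_OVERRIDE, INIT_NS_OVERRIDE, PER_NS_OVERRIDE };

static const struct task ROOT = { true, true };
static const struct task USERNS_USER = { false, true };

/* A limit of 0 is treated as "not set" (assumption of this model). */
static bool over(unsigned long limit, unsigned long used)
{
    return limit != 0 && used >= limit;
}

/* Pages given to a new pipe, or -1 if creation is refused. */
int new_pipe_pages(const struct task *t, enum policy p, unsigned long used,
                   unsigned long soft, unsigned long hard)
{
    bool exempt = (p == INIT_NS_OVERRIDE && t->init_ns_cap) ||
                  (p == PER_NS_OVERRIDE && (t->init_ns_cap || t->own_ns_cap));

    if (!exempt && over(hard, used))
        return -1;              /* hard limit: no new pipe */
    if (!exempt && over(soft, used))
        return 1;               /* soft limit: pipe shrunk to one page */
    return DEF_PIPE_PAGES;
}

int main(void)
{
    static const char *names[] = { "no override", "init-ns caps", "per-namespace caps" };
    /* Constructed numbers: user already has 4096 pages, soft=1024, hard=2048. */
    for (int p = NO_OVERRIDE; p <= PER_NS_OVERRIDE; p++)
        printf("%-18s root=%d userns-user=%d\n", names[p],
               new_pipe_pages(&ROOT, p, 4096, 1024, 2048),
               new_pipe_pages(&USERNS_USER, p, 4096, 1024, 2048));
    return 0;
}
```

Only the per-namespace row lets the user who created a namespace receive a full-size pipe while over both limits, which is the bypass the reply rules out.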