On Wed, Jan 15, 2025 at 02:22:08PM +0100, nicolas.bouchinet@xxxxxxxxxxx wrote: > Any negative write or >= to INT_MAX in core_pipe_limit sysctl would > hypothetically allow a user to create very high load on the system by > running processes that produces a coredump in case the core_pattern > sysctl is configured to pipe core files to user space helper. > Memory or PID exhaustion should happen before but it anyway breaks the > core_pipe_limit semantic. Isn't this true for "0" too (the default)? I'm not opposed to the change since it makes things more clear, but I don't think the >=INT_MAX problem is anything more than "functionally identical to 0". :) Reviewed-by: Kees Cook <kees@xxxxxxxxxx> -- Kees Cook
