(2011/07/12 22:27), Vasiliy Kulikov wrote: > The patch http://lkml.org/lkml/2003/7/13/226 introduced a RLIMIT_NPROC > check in set_user() to check for NPROC exceeding via setuid() and > similar functions. Before the check there was a possibility to greatly > exceed the allowed number of processes by an unprivileged user if the > program relied on rlimit only. But the check created new security > threat: many poorly written programs simply don't check setuid() return > code and believe it cannot fail if executed with root privileges. So, > the check is removed in this patch because of too often privilege > escalations related to buggy programs. > > The NPROC can still be enforced in the common code flow of daemons > spawning user processes. Most of daemons do fork()+setuid()+execve(). > The check introduced in execve() enforces the same limit as in setuid() > and doesn't create similar security issues. > > Similar check was introduced in -ow patches. > > Signed-off-by: Vasiliy Kulikov <segoon@xxxxxxxxxxxx> BSD folks tell me NetBSD has the exactly same hack (ie check at exec instead setuid) since 2008. Then, I think this is enough proved safer way. http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/kern/kern_exec.c?rev=1.316&content-type=text/x-cvsweb-markup&only_with_tag=MAIN Thx. -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
