On Tue, Jul 26, 2011 at 18:48 +0400, Vasiliy Kulikov wrote:
> if (atomic_read(&new_user->processes) >= rlimit(RLIMIT_NPROC) &&
> - new_user != INIT_USER) {
> - free_uid(new_user);
> - return -EAGAIN;
> - }
> + new_user != INIT_USER)
> + current->flags |= PF_NPROC_EXCEEDED;
It doesn't respect the chain: setresuid() with exceeded rlimit to user A,
setresuid() with normal limit to user B. While being user B, the PF is
kept, which is wrong as it is not B's exceeded limit. So, it must be
cleared on successful set_user() calls. I'll send a patch.
--
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
