On Fri, 2021-08-20 at 12:38 -0400, Jordy Zomer wrote: > Hi There! > > Because this is a global variable, it appears to be exploitable. > Either we generate a sufficient number of processes to achieve this > counter, or you increase the open file limit with ulimit or sysctl. > Unless the kernel has a hard restriction on the number of potential > file descriptors that I'm not aware of. There's no direct global counter for file descriptors, no; however, there is an indirect limit: the number of processes per user which is now defaulting to around 65535, so even a fork bomb opening the max number of fds won't get you a wrap. > In any case, it's probably a good idea to patch this to make it > explicitly secure. If you discover a hard-limit in the kernel for > open file descriptors, please let me know. I'm genuinely interested > :D! I didn't disagree it might be a useful think to update ... I just didn't think it was currently exploitable. James
