Re: [tip:x86/mm] x86/mmap, ASLR: Do not treat unlimited-stack tasks as legacy mmap
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: [tip:x86/mm] x86/mmap, ASLR: Do not treat unlimited-stack tasks as legacy mmap
- From: Oleg Nesterov <oleg@xxxxxxxxxx>
- Date: Fri, 23 Jun 2017 16:54:41 +0200
- Cc: linux-tip-commits@xxxxxxxxxxxxxxx, torvalds@xxxxxxxxxxxxxxxxxxxx, mingo@xxxxxxxxxx, hpa@xxxxxxxxx, jkosina@xxxxxxx, mhocko@xxxxxxxx, tglx@xxxxxxxxxxxxx, davej@xxxxxxxxxxxxxxxxx, peterz@xxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx
- Dmarc-filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 38EB87F414
- In-reply-to: <tip-86b110d2ae6365ce91cabd37588bc8611770421a@git.kernel.org>
- References: <20170614082218.12450-1-mhocko@kernel.org> <tip-86b110d2ae6365ce91cabd37588bc8611770421a@git.kernel.org>
- User-agent: Mutt/1.5.24 (2015-08-30)
On 06/23, tip-bot for Michal Hocko wrote:
>
> We added a heuristics to treat applications with RLIMIT_STACK configured
> to unlimited as legacy. This means:
To me this also means a minor security problem. The comment above
PER_CLEAR_ON_SETID says "must be cleared upon setuid or setgid exec",
but if you do "ulimit -s unlimited" before suid exec then
ADDR_COMPAT_LAYOUT set by security checks will be ignored.
> So let's try and remove this assumption - hopefully nothing breaks.
Agreed.
Oleg.
--
To unsubscribe from this list: send the line "unsubscribe linux-tip-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
[Index of Archives]
[Linux Stable Commits]
[Linux Stable Kernel]
[Linux Kernel]
[Linux USB Devel]
[Linux Video &Media]
[Linux Audio Users]
[Yosemite News]
[Linux SCSI]
