Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S262159AbVDRSLY (ORCPT ); Mon, 18 Apr 2005 14:11:24 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262157AbVDRSLY (ORCPT ); Mon, 18 Apr 2005 14:11:24 -0400 Received: from vds-320151.amen-pro.com ([62.193.204.86]:53632 "EHLO vds-320151.amen-pro.com") by vger.kernel.org with ESMTP id S262173AbVDRSKr (ORCPT ); Mon, 18 Apr 2005 14:10:47 -0400 Subject: Re: [PATCH] RLIMIT_NPROC enforcement during execve() calls From: Lorenzo =?ISO-8859-1?Q?Hern=E1ndez_?= =?ISO-8859-1?Q?Garc=EDa-Hierro?= To: Christoph Hellwig Cc: "linux-kernel@vger.kernel.org" In-Reply-To: <20050418174346.GA28790@infradead.org> References: <1113845937.17341.29.camel@localhost.localdomain> <20050418174346.GA28790@infradead.org> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-g/PWEq8SJlGTzkuFli4h" Date: Mon, 18 Apr 2005 20:07:04 +0200 Message-Id: <1113847624.17341.36.camel@localhost.localdomain> Mime-Version: 1.0 X-Mailer: Evolution 2.2.1.1 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1552 Lines: 46 --=-g/PWEq8SJlGTzkuFli4h Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable El lun, 18-04-2005 a las 18:43 +0100, Christoph Hellwig escribi=F3: > On Mon, Apr 18, 2005 at 07:38:57PM +0200, Lorenzo Hern?ndez Garc?a-Hierro= wrote: > > Enforces the RLIMIT_NPROC limit by adding an additional check for > > execve(), as > > such limit is checked only during fork() calls. >=20 > What's the point? exec doesn't create new process and exec() shouldn't > start to fail just because someone lowered the rlimit a short while ago. The limit is only checked when process is created on a fork() call, but during execution it's uid can change, thus, the limit for the new uid could be exceed. It comes from the Openwall kernel patch, as well implemented in grSecurity and vSecurity. Cheers, --=20 Lorenzo Hern=E1ndez Garc=EDa-Hierro =20 [1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org] --=-g/PWEq8SJlGTzkuFli4h Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQBCY/dIDcEopW8rLewRAsFiAKDfUb0AIQje73QnJZly30u9chi0NQCgp3CT Zrfb4kCnkjFOyOGGjX6vIzA= =fy+0 -----END PGP SIGNATURE----- --=-g/PWEq8SJlGTzkuFli4h-- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/