Received: by 10.223.164.221 with SMTP id h29csp1425823wrb;
        Wed, 1 Nov 2017 16:35:34 -0700 (PDT)
X-Google-Smtp-Source: ABhQp+Rl8wOGqYZ92s4rwxfwXxd+7Fp7TP3hQIR6WERUn4/6Dis0IWcE/D5Vb7vyOuU5035DpMu5
X-Received: by 10.98.35.194 with SMTP id q63mr1532377pfj.15.1509579334002;
        Wed, 01 Nov 2017 16:35:34 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1509579333; cv=none;
        d=google.com; s=arc-20160816;
        b=lvDEi5JLnyRE/dCSXZxcMo2RpM3CI35F3pyXKF3wpYTtvTkuQhnTDnKcmODO7WLZSF
         QHZoufYxjxfQckXc7VMV2qUcphdYwOzd5OcgpV3GJx7kWZr9J2jzRbGIIOBojJc9547y
         D2KNmpgdhMX1jxpEPiW6puErBEoh450ZkiYhN6tckMHcbzRpUT11qw8meaf8iLvZFyh/
         yPJGvLCwnbCqfoT+ch+fT7G6+kQWeShqfF4N4OSgI4F/FNiJoBgN+eTsHr4JubZ0pfAa
         sb/+5Twqi7JMz684hdIqG0mlS+0EedznT68KNrXB1mdy2vR5s+weeQzMGG8Gc8Rrb6pP
         sd5A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:mime-version:user-agent:date:message-id:subject
         :from:to:dkim-signature:arc-authentication-results;
        bh=NASkCUElEUJ2w7NLiHT7AmJjdc+sV406hDs7184PtQ4=;
        b=fEHGu0boYdbx4kjaZuMn8QZDLQFsqLCxsa3do85Y/+I2cMtuUEU2Glta3u3jtduM6h
         4/7NNPPv4NrioLS6XSDOpgCEHanZra0eXgCV4bdKczMZ+Fwg8Yq6FRzGKg7wE9+ByOVS
         ITZaaXPpwmDfpoXJwf8YxE2m71DP3ksm2rkb/7369ZVQqK4rAIgZ7sKDnSbtzNxYZiKJ
         lxRw2c7cHKE0l3ePa83qY7QqnizNT9XtRAv39JAEfOecMB3/B4GZvaxV0ES0cq9WZQ0r
         uy/MAvFOv3YCLc7zs+NDYV4x7dEIZq1/0xxIvbLgxPqTFub9L4Qe6akmcPsBKzzg6F2t
         UzFA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@landley-net.20150623.gappssmtp.com header.s=20150623 header.b=YiEzHUbt;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id u2si776405plj.530.2017.11.01.16.35.21;
        Wed, 01 Nov 2017 16:35:33 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@landley-net.20150623.gappssmtp.com header.s=20150623 header.b=YiEzHUbt;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S933820AbdKAXed (ORCPT <rfc822;luizmacielfranco@gmail.com>
        + 99 others); Wed, 1 Nov 2017 19:34:33 -0400
Received: from mail-pg0-f65.google.com ([74.125.83.65]:50756 "EHLO
        mail-pg0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S932964AbdKAXec (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 1 Nov 2017 19:34:32 -0400
Received: by mail-pg0-f65.google.com with SMTP id y5so3417798pgq.7
        for <linux-kernel@vger.kernel.org>; Wed, 01 Nov 2017 16:34:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=landley-net.20150623.gappssmtp.com; s=20150623;
        h=to:from:subject:message-id:date:user-agent:mime-version
         :content-language:content-transfer-encoding;
        bh=NASkCUElEUJ2w7NLiHT7AmJjdc+sV406hDs7184PtQ4=;
        b=YiEzHUbtQQkv6vDVxA6gADpGXhLVCk0NTzRZ930oj6i7LN1r7uvP6YkkvGbiDB02ui
         E95Jlhpcz2j9GjUnUz5NrqehMcETgE2+i4J+P1NSL11R75sPBU3OxuAjFNfkrZXCm1ry
         kcSnucTzASQivusK2YVZ/vcarz0cho0u76Gd3VW+ym6rPeyR4ETdaq+M6pkypH+7P4EC
         NEu8c6jml+SqBK51XwgQ+E+9MBh2ZToyO2JfaOa7evMTxWoOeDCMVP9w0Vrd4LGt5yVk
         wpDhOFTyG6c7IMjQ7rW/zw9XLknARgdbNsNJLhJzOZEDpE/eysIfORYjCHEywLRvavCm
         Obaw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:to:from:subject:message-id:date:user-agent
         :mime-version:content-language:content-transfer-encoding;
        bh=NASkCUElEUJ2w7NLiHT7AmJjdc+sV406hDs7184PtQ4=;
        b=WjO1DiFQJPrgp8Df769AUrXJfUQUNbfK4xmhWCIThsY5r9Zoq6cMVvsQVRqpNXRsPu
         Bqluuqs+bRuNBI1+QkS/ynm90Llc8rVkG94Vqgazr/z6UORV9Kg4Wswveqn3ZsNqFJ6z
         FNfKCsL0OBo3KkgdL9Xlkw9Date70V9b/3ejE27c14wUIs7snVWEz6nufpaiXNLJ+PuX
         9axY7lWs7lcK+eQTeMYXWyKqXtqnv84ZW6XWhg7LsuXxw+099VTfmibi8Na1NT+R34j9
         d5W926Zp6+FWiZOvluxWBz1tOMYVJAbPWobNFiOHu8+vZ5qCb4QIf2xuQjD77W0LjKzg
         BwKA==
X-Gm-Message-State: AMCzsaWB9KET2Q4i3BIfh8f1KzEX9lg3XlXT+Ol/kxhcqt26HWBQwhdA
        mEf6Ax4DBGCobFeaaL2NkjrrV497
X-Received: by 10.98.217.214 with SMTP id b83mr1541924pfl.144.1509579271600;
        Wed, 01 Nov 2017 16:34:31 -0700 (PDT)
Received: from [10.0.4.203] (aa041158.ppp.asahi-net.or.jp. [110.5.41.158])
        by smtp.googlemail.com with ESMTPSA id m78sm2876162pfj.164.2017.11.01.16.34.29
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 01 Nov 2017 16:34:31 -0700 (PDT)
To:     Kees Cook <keescook@chromium.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        toybox@lists.landley.net
From:   Rob Landley <rob@landley.net>
Subject: Regression: commit da029c11e6b1 broke toybox xargs.
Message-ID: <b33da177-a836-40eb-25c8-8134da83c63d@landley.net>
Date:   Wed, 1 Nov 2017 18:34:28 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.2.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Toybox has been trying to figure out how big an xargs is allowed to be
for a while:


http://lists.landley.net/pipermail/toybox-landley.net/2017-October/009186.html

We're trying to avoid the case where you can run something from the
command line, but not through xargs. In theory this limit is
sysconf(_SC_ARG_MAX) which on bionic and glibc returns 1/4 RLIMIT_STACK
(in accordance with <strike>the prophecy</strike> fs/exec.c function
get_arg_page()), but that turns out to be too simple. There's also a
131071 byte limit on each _individual_ argument, which I think I've
tracked down to fs/exec.c function setup_arg_pages() doing:

        stack_expand = 131072UL; /* randomly 32*4k (or 2*64k) pages *

And then it worked under ubuntu 14.04 but not current kernels. Why?
Because the above commit from Kees Cook broke it, by taking this:

include/uapi/linux/resource.h:
/*
 * Limit the stack by to some sane default: root can always
 * increase this limit if needed..  8MB seems reasonable.
 */
#define _STK_LIM        (8*1024*1024)

And hardwiring in a random adjustment as a "640k ought to be enough for
anybody" constant on TOP of the existing RLIMIT_STACK/4 check. Without
even adjusting the "oh of course root can make this bigger, this is just
a default value" comment where it's #defined.

Look, if you want to cap RLIMIT_STACK for suid binaries, go for it. The
existing code will notice and adapt. But this new commit is crazy and
arbitrary and introduces more random version dependencies (how is
sysconf() supposed to know the value, an #if/else staircase based on
kernel version in every libc)?

Please revert it,

Rob

From 1583765253620686417@xxx Sat Nov 11 10:30:45 +0000 2017
X-GM-THRID: 1583609222770949892
X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread