Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 12 Jul 2011 14:16:10 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Vasiliy Kulikov <segoon@...nwall.com>
Cc: linux-kernel@...r.kernel.org, Greg Kroah-Hartman <gregkh@...e.de>,
        Andrew Morton <akpm@...ux-foundation.org>,
        "David S. Miller" <davem@...emloft.net>,
        kernel-hardening@...ts.openwall.com, Jiri Slaby <jslaby@...e.cz>,
        James Morris <jmorris@...ei.org>, Neil Brown <neilb@...e.de>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH] move RLIMIT_NPROC check from set_user() to do_execve_common()

On Tue, Jul 12, 2011 at 6:27 AM, Vasiliy Kulikov <segoon@...nwall.com> wrote:
>
> The NPROC can still be enforced in the common code flow of daemons
> spawning user processes.  Most of daemons do fork()+setuid()+execve().
> The check introduced in execve() enforces the same limit as in setuid()
> and doesn't create similar security issues.

Ok, this looks fine by me. I'd like to get some kind of comment from
the selinux etc people (James?) but I'd certainly be willing to take
this.

Failing when executing a suid application rather than when a suid
application releases its heightened credentials seems to be the
fundamentally saner approach. IOW, failing to raise privileges rather
than failing to lower them.

                   Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ