Date: Thu, 9 Jun 2011 18:17:45 +0400
From: Vasiliy Kulikov <>
Subject: rlimit_nproc check

Solar, all -

I found an 8-year-old patch that enables the RLIMIT_NPROC check at setuid (and
similar) calls:

So, checking it on execve() is a bit redundant.  But it means that
setuid() may fail if it follows a setrlimit() call and the target user
has already reached the limit (asserted on the test C program).  If the
limit is defined in pam_limit, the attack becomes real.
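
Added example, not part of the original message or of the patch it refers to: a privilege drop in C that treats a failing setuid(), the case described above, as fatal and verifies the result instead of assuming it. The function name drop_to_user is hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 0 only if the process now runs entirely as uid/gid, -1 otherwise.
 * The caller must treat -1 as fatal and must not continue or exec anything. */
int drop_to_user(uid_t uid, gid_t gid)
{
    int err;

    /* Group first: once setuid() has left root, setgid() is no longer allowed.
     * (A full drop also clears supplementary groups with setgroups() before this.) */
    if (setgid(gid) != 0) {
        err = errno;
        fprintf(stderr, "setgid(%ld): %s\n", (long)gid, strerror(err));
        return -1;
    }

    /* The call the message is about. With an RLIMIT_NPROC check at setuid(),
     * it returns -1 (EAGAIN) when the target user is already at the limit,
     * and the process is then still running with its old uid. */
    if (setuid(uid) != 0) {
        err = errno;
        fprintf(stderr, "setuid(%ld): %s%s\n", (long)uid, strerror(err),
                err == EAGAIN ? " (target user at RLIMIT_NPROC?)" : "");
        return -1;
    }

    /* Do not trust the return value alone: confirm the ids really changed. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        fprintf(stderr, "ids did not change as requested\n");
        return -1;
    }

    /* After dropping to a non-root user, regaining root must be impossible. */
    if (uid != 0 && setuid(0) == 0) {
        fprintf(stderr, "root could be regained after the drop\n");
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed demo: "drop" to the ids we already have, which any user may do. */
    return drop_to_user(getuid(), getgid()) == 0 ? 0 : 1;
}
```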


