From: Solar Designer <solar@openwall.com>
To: kernel-hardening@lists.openwall.com
Subject: Re: [kernel-hardening] [PATCH] move RLIMIT_NPROC check from set_user() to do_execve_common()
Date: Sun, 24 Jul 2011 18:32:31 +0400 [thread overview]
Message-ID: <20110724143231.GA18453@openwall.com> (raw)
In-Reply-To: <20110721124830.GA1325@openwall.com>
Vasiliy,
On Thu, Jul 21, 2011 at 04:48:30PM +0400, Solar Designer wrote:
> Here's my current proposal:
>
> 1. Apply Vasiliy's patch to move the RLIMIT_NPROC check from setuid() to
> execve(), optionally enhanced with setting PF_SETUSER_FAILED on
> would-be-failed setuid() and checking this flag in execve() (in addition
> to repeating the RLIMIT_NPROC check).
>
> 2. With a separate patch, add a prctl() to read the PF_SETUSER_FAILED flag.
> Android will be able to use this if it wants to.
Can you please implement these two patches and post them to LKML?
(Include the PF_SETUSER_FAILED implementation in the first patch.)
Or do you have a different suggestion on how to proceed?
Thanks,
Alexander
next prev parent reply other threads:[~2011-07-24 14:32 UTC|newest]
Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-12 13:09 [kernel-hardening] RLIMIT_NPROC check in set_user() Vasiliy Kulikov
2011-06-12 13:09 ` Vasiliy Kulikov
2011-07-06 17:36 ` [kernel-hardening] " Vasiliy Kulikov
2011-07-06 17:36 ` Vasiliy Kulikov
2011-07-06 18:01 ` [kernel-hardening] " Linus Torvalds
2011-07-06 18:01 ` Linus Torvalds
2011-07-06 18:59 ` [kernel-hardening] " Vasiliy Kulikov
2011-07-07 7:56 ` Vasiliy Kulikov
2011-07-07 8:19 ` Vasiliy Kulikov
2011-07-12 13:27 ` [kernel-hardening] [PATCH] move RLIMIT_NPROC check from set_user() to do_execve_common() Vasiliy Kulikov
2011-07-12 13:27 ` Vasiliy Kulikov
2011-07-12 21:16 ` [kernel-hardening] " Linus Torvalds
2011-07-12 21:16 ` Linus Torvalds
2011-07-12 23:14 ` [kernel-hardening] " NeilBrown
2011-07-12 23:14 ` NeilBrown
2011-07-13 6:31 ` [kernel-hardening] " Solar Designer
2011-07-13 6:31 ` Solar Designer
2011-07-13 7:06 ` [kernel-hardening] " NeilBrown
2011-07-13 7:06 ` NeilBrown
2011-07-13 20:46 ` [kernel-hardening] " Linus Torvalds
2011-07-13 20:46 ` Linus Torvalds
2011-07-14 0:11 ` [kernel-hardening] " James Morris
2011-07-14 0:11 ` James Morris
2011-07-14 1:27 ` [kernel-hardening] " NeilBrown
2011-07-14 1:27 ` NeilBrown
2011-07-14 15:06 ` [kernel-hardening] " Solar Designer
2011-07-14 15:06 ` Solar Designer
2011-07-15 3:30 ` [kernel-hardening] " NeilBrown
2011-07-15 3:30 ` NeilBrown
2011-07-15 5:35 ` [kernel-hardening] " Willy Tarreau
2011-07-15 5:35 ` Willy Tarreau
2011-07-15 6:31 ` [kernel-hardening] " Vasiliy Kulikov
2011-07-15 7:06 ` NeilBrown
2011-07-15 7:06 ` NeilBrown
2011-07-15 7:38 ` Vasiliy Kulikov
2011-07-15 13:04 ` Solar Designer
2011-07-15 13:04 ` Solar Designer
2011-07-15 13:58 ` [kernel-hardening] " Stephen Smalley
2011-07-15 15:26 ` Vasiliy Kulikov
2011-07-15 19:54 ` Stephen Smalley
2011-07-21 4:09 ` NeilBrown
2011-07-21 12:48 ` Solar Designer
2011-07-21 18:21 ` Linus Torvalds
2011-07-21 19:39 ` [kernel-hardening] " Solar Designer
2011-07-25 17:14 ` Vasiliy Kulikov
2011-07-25 17:14 ` Vasiliy Kulikov
2011-07-25 23:40 ` [kernel-hardening] " Solar Designer
2011-07-26 0:47 ` NeilBrown
2011-07-26 1:16 ` Solar Designer
2011-07-26 4:11 ` NeilBrown
2011-07-26 14:48 ` [kernel-hardening] [patch v2] " Vasiliy Kulikov
2011-07-26 14:48 ` Vasiliy Kulikov
2011-07-27 2:15 ` [kernel-hardening] " NeilBrown
2011-07-27 2:15 ` NeilBrown
2011-07-29 7:07 ` [kernel-hardening] " Vasiliy Kulikov
2011-07-29 8:06 ` Vasiliy Kulikov
2011-07-29 8:06 ` Vasiliy Kulikov
2011-07-29 8:11 ` [kernel-hardening] [patch v3] " Vasiliy Kulikov
2011-07-29 8:11 ` Vasiliy Kulikov
2011-07-29 8:17 ` [kernel-hardening] " James Morris
2011-07-29 8:17 ` James Morris
2011-07-24 14:32 ` Solar Designer [this message]
2011-07-24 18:02 ` [kernel-hardening] [PATCH] " Vasiliy Kulikov
2011-07-14 1:30 ` [kernel-hardening] " KOSAKI Motohiro
2011-07-14 1:30 ` KOSAKI Motohiro
2011-07-13 5:36 ` [kernel-hardening] " KOSAKI Motohiro
2011-07-13 5:36 ` KOSAKI Motohiro
2011-07-14 15:22 ` [kernel-hardening] " Solar Designer
2011-07-14 15:55 ` Vasiliy Kulikov
2011-07-11 16:59 ` [kernel-hardening] RLIMIT_NPROC check in set_user() Solar Designer
2011-07-11 18:56 ` Vasiliy Kulikov
2011-07-13 9:48 ` Solar Designer
2011-07-14 14:15 ` Solar Designer
2011-07-14 14:27 ` Vasiliy Kulikov
2011-07-14 15:14 ` Solar Designer
2011-07-14 16:31 ` [kernel-hardening] compile time warnings in libc for setuid() unused result (was: RLIMIT_NPROC check in set_user()) Vasiliy Kulikov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110724143231.GA18453@openwall.com \
--to=solar@openwall.com \
--cc=kernel-hardening@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.