linux-kernel.vger.kernel.org archive mirror
From: Willy Tarreau <w@1wt.eu>
To: Jiri Slaby <jslaby@suse.cz>
Cc: stable@vger.kernel.org, linux-kernel@vger.kernel.org,
	"David S . Miller" <davem@davemloft.net>,
	Hannes Frederic Sowa <hannes@stressinduktion.org>
Subject: Re: [PATCH 3.12 32/64] unix: properly account for FDs passed over unix sockets
Date: Thu, 11 Feb 2016 18:32:33 +0100
Message-ID: <20160211173233.GA27734@1wt.eu>
In-Reply-To: <9065c7d8c8be841107dcd6711ab3779553c68fd7.1455198893.git.jslaby@suse.cz>

Hi Jiri,

On Thu, Feb 11, 2016 at 02:59:08PM +0100, Jiri Slaby wrote:
> From: willy tarreau <w@1wt.eu>
> 
> 3.12-stable review patch.  If anyone has any objections, please let me know.
> 
> ===============
> 
> [ Upstream commit 712f4aad406bb1ed67f3f98d04c044191f0ff593 ]
> 
> It is possible for a process to allocate and accumulate far more FDs than
> the process' limit by sending them over a unix socket then closing them
> to keep the process' fd count low.
> 
> This change addresses this problem by keeping track of the number of FDs
> in flight per user and preventing non-privileged processes from having
> more FDs in flight than their configured FD limit.
> 
> Reported-by: socketpair@gmail.com
> Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> Mitigates: CVE-2013-4312 (Linux 2.0+)
> Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
> Signed-off-by: Willy Tarreau <w@1wt.eu>
> Signed-off-by: David S. Miller <davem@davemloft.net>
> Signed-off-by: Jiri Slaby <jslaby@suse.cz>

A possible issue was reported regarding this patch, and Hannes
implemented a fix that's not yet in mainline. I guess it's
preferable to postpone this patch for now.

Thanks,
Willy
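
The accounting idea in the quoted commit message, as an added example: a simplified user-space model written for this page, not the patch under review and not kernel code. All structure and function names are hypothetical; it only shows why a per-process count misses descriptors that are queued on a unix socket and then closed by the sender, and how a per-user in-flight counter bounds them.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model; all names are hypothetical, not kernel code. */
struct user_acct { unsigned long inflight; };  /* shared by all of a user's processes */
struct proc {
    struct user_acct *user;
    unsigned long open_fds, fd_limit;  /* current count; per-process FD limit */
    bool privileged;
};

/* Open n descriptors; only the per-process limit applies here. */
bool proc_open(struct proc *p, unsigned long n) {
    if (p->open_fds + n > p->fd_limit) return false;
    p->open_fds += n;
    return true;
}
/* Queue n descriptors on a unix socket; with accounting on they are charged to the user. */
bool send_fds(struct proc *p, unsigned long n, bool acct) {
    if (n > p->open_fds) return false;
    if (acct && !p->privileged && p->user->inflight + n > p->fd_limit) return false;
    p->user->inflight += n;
    return true;
}
/* Closing the sender's copies lowers open_fds only; the in-flight charge stays. */
void proc_close(struct proc *p, unsigned long n) {
    p->open_fds -= (n < p->open_fds) ? n : p->open_fds;
}
/* The receiver dequeues or discards the message: the charge is released. */
void release_fds(struct user_acct *u, unsigned long n) {
    u->inflight -= (n < u->inflight) ? n : u->inflight;
}
/* Repeat open/send/close; return how many files the user still keeps alive. */
unsigned long run_rounds(struct proc *p, unsigned rounds, unsigned long batch, bool acct) {
    for (unsigned i = 0; i < rounds; i++) {
        if (!proc_open(p, batch)) break;
        bool sent = send_fds(p, batch, acct);
        proc_close(p, batch);
        if (!sent) break;
    }
    return p->user->inflight + p->open_fds;
}

int main(void) {
    struct user_acct u1 = {0}, u2 = {0};
    struct proc a = {&u1, 0, 8, false}, b = {&u2, 0, 8, false};
    printf("files kept alive without/with accounting: %lu / %lu\n",
           run_rounds(&a, 10, 4, false), run_rounds(&b, 10, 4, true));
    return 0;
}
```

Because the counter belongs to the user rather than the process, a second process of the same user is refused as well until a receiver releases the queued descriptors.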
