From: Willy Tarreau <[email protected]>
Date: Mon, 28 Dec 2015 15:14:35 +0100

> It is possible for a process to allocate and accumulate far more FDs than
> the process' limit by sending them over a unix socket then closing them
> to keep the process' fd count low.
>
> This change addresses this problem by keeping track of the number of FDs
> in flight per user and preventing non-privileged processes from having
> more FDs in flight than their configured FD limit.
>
> Reported-by: [email protected]
> Suggested-by: Linus Torvalds <[email protected]>
> Signed-off-by: Willy Tarreau <[email protected]>
> ---
> It would be nice if (if accepted) it would be backported to -stable as the
> issue is currently exploitable.

As mentioned, please remove the unix_sock_count variable and associated
code as it is completely unused after this patch.
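
The accounting described in the quoted commit message, as a user-space model added here for illustration; it is not the patch's code or kernel code. All structure and function names, and the limit of 1024, are hypothetical. It compares how many files one process can keep pinned (open plus in flight) with and without a per-user in-flight check.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model: one counter per user for FDs queued in unix sockets. */
struct user_acct { long inflight; };
struct proc { struct user_acct *user; long open_fds, fd_limit; bool privileged; };

/* Opening a file is bounded by the per-process FD limit. */
static bool proc_open(struct proc *p)
{
    if (p->open_fds >= p->fd_limit)
        return false;
    p->open_fds++;
    return true;
}

/* Queue n open FDs on a socket, then close the local copies.
 * With accounting on, a non-privileged sender is refused once the
 * user's in-flight total would exceed the configured FD limit. */
static bool proc_send_and_close(struct proc *p, long n, bool accounting)
{
    if (n > p->open_fds)
        return false;
    if (accounting && !p->privileged && p->user->inflight + n > p->fd_limit)
        return false;
    p->user->inflight += n;   /* charged to the user, not the process */
    p->open_fds -= n;         /* the process' own fd count drops again */
    return true;
}

/* Repeat "fill the FD table, send everything, close" and return the
 * number of files still pinned: open FDs plus FDs in flight. */
long pinned_after(long fd_limit, int rounds, bool accounting, bool privileged)
{
    struct user_acct u = { 0 };
    struct proc p = { &u, 0, fd_limit, privileged };

    for (int r = 0; r < rounds; r++) {
        while (proc_open(&p))
            ;
        if (!proc_send_and_close(&p, p.open_fds, accounting))
            break;
    }
    return p.open_fds + u.inflight;
}

int main(void)
{
    printf("no accounting:   %ld\n", pinned_after(1024, 10, false, false));
    printf("with accounting: %ld\n", pinned_after(1024, 10, true, false));
    return 0;
}
```

In this model the pinned total grows with the number of rounds when nothing is counted, and stops at the open-FD limit plus the in-flight limit once the per-user counter is enforced.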

