On Mon, Jul 10, 2017 at 8:59 AM, Michal Hocko <mho...@kernel.org> wrote: > > We will always need some gap inforcement.
Considering the Java issue, that's rather questionable. We really can't be breaking libreoffice. That's like a big classic no-no - it affects normal users that simply cannot be expected to work around it. For them, it's a "my office application no longer works" situation, and they just think the system is flaky. Now, somebody who explicitly raised the stack limit past 24MB and gets bit because he also tries to use more than 6M of arguments - that's actually a different issue. Let's see if anybody ever even complains, and then we might make it a "only for suid binaries" thing. But honestly, a security limit that isn't tested in normal working is not a security limit at all, it's just theory and likely bullshit. So I'd much rather *not* make it suid-specific if at all possible. That way it has some chance in hell of actually getting tested. Linus