+-- On Mon, 19 Nov 2012, Kees Cook wrote --+ | I think to avoid the explosion of request_module calls in the abusive | case, we could simply return ELOOP instead of ENOEXEC on max | recursion.
-> http://www.spinics.net/lists/mm-commits/msg92433.html 1. returning -ELOOP has a side effect of not reaching to request_module() ever, for: == #ifdef CONFIG_MODULES 1415 if (retval != -ENOEXEC || bprm->mm == NULL) { 1416 break; 1417 } else { ... == 2. above patch does not seem to fix the 2^6(64) recursions issue, for: == + bprm->recursion_depth = depth + 1; retval = fn(bprm); bprm->recursion_depth = depth; == setting - recursion_dept = depth - again and the outer for(try=0;try<2...) loop seems to be causing the 2^6 recursions. Thank you. -- Prasad J Pandit / Red Hat Security Response Team DB7A 84C5 D3F9 7CD1 B5EB C939 D048 7860 3655 602B -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
