> > Another idea would be to add the amount of memory used to manage the fds > > to sock_rmem/wmem but I don't see any advantages or disadvantages. > > Compared to the impact of the pending data in pipes themselves in flight, > this would remain fairly minimal.
The true size of the memory pinned by a file handle cannot be determined by the socket layer anyway. If the handle is for a device it may be pinning lots of memory in the device driver. It's up to the rest of the system to manage and contain those resource allocations correctly which a fair bit of the code (except graphics) does properly. The resource counting does create the reverse problem that user A running a program written by hostile user B may find it takes all their resources, stuffs them down an AF_UNIX socket and passes the last reference to the socket via a setuid app somewhere where the user can't get it back. For an end user case that's pretty irrelevant - you run hostile user B's app then you already lost. For a service it's an interesting attack vector but not one I can see any obvious ways to exploit because (with the possible exception of dbus) services simply don't pass file handles down sockets to untrusted targets. Alan -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
