On Tue, 27 Jun 2017, Oleg Nesterov wrote:
> Perhaps it makes sense to reset RLIMITs on suid exec (say, if
> bprm->per_clear is not zero) ? Yes, it is not clear how should we define
> SANE_RLIMITS_FOR_SUID, and this should probably depend on sysctl, etc.
Hmm, this should be an userspace-defined
On 06/27, Jiri Kosina wrote:
>
> On Fri, 23 Jun 2017, Oleg Nesterov wrote:
>
> > > We added a heuristics to treat applications with RLIMIT_STACK configured
> > > to unlimited as legacy. This means:
> >
> > To me this also means a minor security problem. The comment above
> > PER_CLEAR_ON_SETID says
On Fri, 23 Jun 2017, Oleg Nesterov wrote:
> > We added a heuristics to treat applications with RLIMIT_STACK configured
> > to unlimited as legacy. This means:
>
> To me this also means a minor security problem. The comment above
> PER_CLEAR_ON_SETID says "must be cleared upon setuid or setgid exe
Commit-ID: 4a06370bcb674af88679a4f2c5c87c3e40688935
Gitweb: http://git.kernel.org/tip/4a06370bcb674af88679a4f2c5c87c3e40688935
Author: Michal Hocko
AuthorDate: Wed, 14 Jun 2017 10:22:18 +0200
Committer: Ingo Molnar
CommitDate: Sat, 24 Jun 2017 08:39:16 +0200
x86/mmap, ASLR: Do not trea
On Fri, 23 Jun 2017, tip-bot for Michal Hocko wrote:
> TASK_SIZE (allowed by mmap_base) is pretty much unimited in the real
> life. This would give mmap 20TB of additional address space which is
> quite nice. Especially when it is much more likely to use that address
> space than the reserved stac
On 06/23, tip-bot for Michal Hocko wrote:
>
> We added a heuristics to treat applications with RLIMIT_STACK configured
> to unlimited as legacy. This means:
To me this also means a minor security problem. The comment above
PER_CLEAR_ON_SETID says "must be cleared upon setuid or setgid exec",
but i
Commit-ID: 86b110d2ae6365ce91cabd37588bc8611770421a
Gitweb: http://git.kernel.org/tip/86b110d2ae6365ce91cabd37588bc8611770421a
Author: Michal Hocko
AuthorDate: Wed, 14 Jun 2017 10:22:18 +0200
Committer: Ingo Molnar
CommitDate: Fri, 23 Jun 2017 11:02:01 +0200
x86/mmap, ASLR: Do not trea
7 matches
Mail list logo