Re: [PATCH] no RLIMIT_NPROC for root, please

From: Jan Rekorajski (baggins@sith.mimuw.edu.pl)
Date: Tue Nov 28 2000 - 16:11:55 EST

Next message: Andreas Schwab: "Re: [PATCH] no RLIMIT_NPROC for root, please"
Previous message: Ben Ford: "Re: out of swap"
In reply to: Tigran Aivazian: "Re: [PATCH] no RLIMIT_NPROC for root, please"
Next in thread: Pavel Machek: "Re: [PATCH] no RLIMIT_NPROC for root, please"
Reply: Pavel Machek: "Re: [PATCH] no RLIMIT_NPROC for root, please"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 28 Nov 2000, Tigran Aivazian wrote:

> On Tue, 28 Nov 2000, Jan Rekorajski wrote:
> > --- linux/kernel/fork.c~ Tue Sep 5 23:48:59 2000
> > +++ linux/kernel/fork.c Sun Nov 26 20:22:20 2000
> > @@ -560,7 +560,8 @@
> > *p = *current;
> >
> > retval = -EAGAIN;
> > - if (atomic_read(&p->user->processes) >= p->rlim[RLIMIT_NPROC].rlim_cur)
> > + if (p->user->uid &&
> > + (atomic_read(&p->user->processes) >= p->rlim[RLIMIT_NPROC].rlim_cur))
>
> Jan,
>
> Hardcoding things signifying special treatment of uid=0 is almost always a
> bad idea. If you _really_ think that superuser (whatever entity that might
> be) should be exempt from RLIMIT_NPROC and can prove that (SuSv2 seems to
> be silent so you may be right), then you should use capable() to do proper
> capability test and not that horrible explicit uid test as in your patch
> above.

Ok, how about setting limits on login? When this looks like:

--- uid = 0 here
setrlimit(RLIMIT_NPROC, n)
fork() <- this will fail if root has >n processes
setuid(user)

and it is hard to change this sequence, all PAM enabled apps depend on it :(

The other scenario may be when root has already n processes,
call them system stuff, and cannot login or even kill anything
because of limits.

Is this patch better? I put CAP_SYS_RESOURCE, but maybe it should be
CAP_SYS_ADMIN.

--- linux/kernel/fork.c~ Fri Nov 17 15:09:26 2000
+++ linux/kernel/fork.c Tue Nov 28 22:02:17 2000
@@ -562,7 +562,8 @@
         *p = *current;

         retval = -EAGAIN;
- if (atomic_read(&p->user->processes) >= p->rlim[RLIMIT_NPROC].rlim_cur)
+ if ((atomic_read(&p->user->processes) >= p->rlim[RLIMIT_NPROC].rlim_cur) &&
+ !capable(CAP_SYS_RESOURCE))
                 goto bad_fork_free;
         atomic_inc(&p->user->__count);
         atomic_inc(&p->user->processes);

Jan

-- 
Jan Rękorajski            |  ALL SUSPECTS ARE GUILTY. PERIOD!
baggins<at>mimuw.edu.pl   |  OTHERWISE THEY WOULDN'T BE SUSPECTS, WOULD THEY?
BOFH, type MANIAC         |                   -- TROOPS by Kevin Rubio
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andreas Schwab: "Re: [PATCH] no RLIMIT_NPROC for root, please"
Previous message: Ben Ford: "Re: out of swap"
In reply to: Tigran Aivazian: "Re: [PATCH] no RLIMIT_NPROC for root, please"
Next in thread: Pavel Machek: "Re: [PATCH] no RLIMIT_NPROC for root, please"
Reply: Pavel Machek: "Re: [PATCH] no RLIMIT_NPROC for root, please"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu Nov 30 2000 - 21:00:20 EST