Re: [RFC][PATCH] /proc/<pid>/rlimit

From: Bill Rugolsky Jr.
Date: Wed Jan 19 2005 - 15:16:58 EST

Next message: Greg KH: "Re: [PATCH 3/4] relayfs for 2.6.10: locking/lockless implementation"
Previous message: John Richard Moser: "Re: thoughts on kernel security issues"
In reply to: Chris Wright: "Re: [RFC][PATCH] /proc/<pid>/rlimit"
Next in thread: Chris Wright: "Re: [RFC][PATCH] /proc/<pid>/rlimit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jan 19, 2005 at 11:38:03AM -0800, Chris Wright wrote:
> * Jan Knutar (jk-lkml@xxxxxx) wrote:
> > A "cool feature" would be if you could do
> > echo nofile 8192 8192 >/proc/`pidof thatserverproess`/rlimit
> > :-)
>
> This is security sensitive, and is currently only expected to be changed
> by current.

Sure, I had thought of implementing it, paused to consider the security
implications, and then punted.

Chris, on the other point that you made regarding UGO read access to "rlimit",
the same is true of "maps" (at least sans SELinux policy), so I don't
see an issue. Certainly the map information is more security sensitive.

Regards,

-Bill
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg KH: "Re: [PATCH 3/4] relayfs for 2.6.10: locking/lockless implementation"
Previous message: John Richard Moser: "Re: thoughts on kernel security issues"
In reply to: Chris Wright: "Re: [RFC][PATCH] /proc/<pid>/rlimit"
Next in thread: Chris Wright: "Re: [RFC][PATCH] /proc/<pid>/rlimit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]