Re: [PATCH] set*uid() must not fail-and-return on OOM/rlimits
From: Kari Hurtta
Date: Sun Aug 20 2006 - 03:59:28 EST
Solar Designer <solar@xxxxxxxxxxxx> writes in gmane.linux.kernel
> Attached is a trivial patch (extracted from 2.4.33-ow1) that makes
> set*uid() kill the current process rather than proceed with -EAGAIN when
> the kernel is running out of memory. Apparently, alloc_uid() can't fail
> and return anyway due to properties of the allocator, in which case the
> patch does not change a thing. But better safe than sorry.
> As you're probably aware, 2.6 kernels are affected to a greater extent,
> where set*uid() may also fail on trying to exceed RLIMIT_NPROC. That
> needs to be fixed, too.
> Opinions are welcome.
Perhaps stupid suggestion:
Should there be new signal for 'failure to drop privileges' ?
( perhaps SIGPRIV or is this name free )
By default signal terminates process.
By setting this to SIG_IGN this allows deamons handle situation when
becoming to user failed and give proper error message.
Still unaware root processes are killed and not causing privilge escalation.
/ Kari Hurtta
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/