Re: [PATCH] set*uid() must not fail-and-return on OOM/rlimits

From: Kari Hurtta
Date: Sun Aug 20 2006 - 03:59:28 EST

Solar Designer <solar@xxxxxxxxxxxx> writes in gmane.linux.kernel

> Attached is a trivial patch (extracted from 2.4.33-ow1) that makes
> set*uid() kill the current process rather than proceed with -EAGAIN when
> the kernel is running out of memory. Apparently, alloc_uid() can't fail
> and return anyway due to properties of the allocator, in which case the
> patch does not change a thing. But better safe than sorry.
> As you're probably aware, 2.6 kernels are affected to a greater extent,
> where set*uid() may also fail on trying to exceed RLIMIT_NPROC. That
> needs to be fixed, too.
> Opinions are welcome.

Perhaps stupid suggestion:

Should there be new signal for 'failure to drop privileges' ?
( perhaps SIGPRIV or is this name free )

By default signal terminates process.

By setting this to SIG_IGN this allows deamons handle situation when
becoming to user failed and give proper error message.

Still unaware root processes are killed and not causing privilge escalation.

/ Kari Hurtta

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at