Re: sbrk(2) broken

From: Dag-Erling Smørgrav <des_at_des.no>
Date: Sat, 05 Jan 2008 15:01:13 +0100
Skip Ford <skip_at_menantico.com> writes:
> Kostik Belousov <kostikbel_at_gmail.com> writes:
> > - per-user RLIMIT_SWAP limit, that accounts the allocation by the uid. This
> >   has some obvious problems with setuid(2) syscall. AFAIR, I ended up
> >   not moving the accounted numbers to the new uid.
> The consensus in this thread seems to be that a per-process limit needs to
> be implemented rather than, or in addition to, the per-uid limit you
> already have.

Implementing a per-process limit would help fix the setuid() problem,
since the usage of the process calling setuid() would be known and could
be transferred to the new user.  There could however be a problem when a
process creates a MAP_SHARED | MAP_ANON mapping, then fork()s, and the
child calls setuid() (think privilege separation).  Hopefully, this case
is rare enough (malloc() always uses MAP_PRIVATE) that it can be handled
using the most restrictive interpretation possible rather than trying to
be painstakingly precise.

(BTW, Skip, I find your MUA's use of Mail-Followup-To: offensive; if you
don't want a copy of the followup, set the followup address to the list,
not to a random previous participant in the thread)

DES
-- 
Dag-Erling Smørgrav - des_at_des.no
Received on Sat Jan 05 2008 - 13:01:23 UTC
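
The MAP_SHARED | MAP_ANON case described in the message above, as an added example that is not part of the original post: a parent creates a shared anonymous mapping, fork()s, and the child changes uid before touching it, so the same pages end up referenced by processes running under two different uids. The uid 65534 and the names `shared_anon_across_setuid` and `struct shared` are assumptions made for this sketch; the setuid() step only happens when the program runs as root.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define UNPRIV_UID 65534 /* assumption: conventional "nobody" uid */

struct shared { uid_t child_euid; int dropped; int magic; };

/* Returns 0 on success and copies what the child wrote into *out. */
int shared_anon_across_setuid(struct shared *out)
{
    /* One mapping, created (and so far accounted) under the parent's uid. */
    struct shared *s = mmap(NULL, sizeof(*s), PROT_READ | PROT_WRITE,
                            MAP_SHARED | MAP_ANON, -1, 0);
    if (s == MAP_FAILED)
        return -1;

    pid_t pid = fork();
    if (pid == -1) { munmap(s, sizeof(*s)); return -1; }
    if (pid == 0) {
        /* Child, privilege-separation style: drop to another uid if we can. */
        s->dropped = (geteuid() == 0 && setuid(UNPRIV_UID) == 0);
        s->child_euid = geteuid();
        s->magic = 0x5eb4;      /* written after the uid change */
        _exit(0);
    }
    int status;
    int rc = (waitpid(pid, &status, 0) == pid && WIFEXITED(status)) ? 0 : -1;
    if (rc == 0)
        *out = *s;              /* parent sees the child's writes: same pages */
    munmap(s, sizeof(*s));
    return rc;
}

int main(void)
{
    struct shared r;
    if (shared_anon_across_setuid(&r) != 0) { perror("demo"); return 1; }
    printf("parent euid=%ld child euid=%ld dropped=%d magic=%#x\n",
           (long)geteuid(), (long)r.child_euid, r.dropped, r.magic);
    return 0;
}
```

When run as root, the output shows two different effective uids holding the same mapping, which is the situation where a per-uid charge cannot simply be moved from one user to the other.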
