tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: CVS commit: src/sys/kern


Andrew Doran wrote:
Module Name:    src
Committed By:   ad
Date:           Sun Mar 23 17:40:25 UTC 2008

Modified Files:
        src/sys/kern: kern_fork.c

Log Message:
Undo 1.150 (Don't make root an exception when enforcing rlimits). No other
Unix behaves this way and it breaks too many things, e.g. web servers.

Was it that critical that this had to go in without any discussion
and/or okay from other people? you re-introduced a uid 0 check with
this commit, despite the fact I've asked not to numerous times.

There are other people who are developing on top of this framework.
With introducing uid 0 checks you are potentially breaking other
peoples' code.

Can you elaborate on what breaks? can you elaborate on why this couldn't
have been done through kauth? the reason there is no kauth backend for
rlimits is that opinions expressed in the past suggested root shouldn't
be an exception to *enforcement*, but rather allowed to bump it up as
much as desired.

If you're claiming that allowing consumption of resources that might
crash the machine is better than denying it, then that too needs


Home | Main Index | Thread Index | Old Index