Re: enforcing RLIMIT_NPROC in setuid() ?
On Thu, 10 Jan 2008, Ed Ravin wrote:
> Would it make sense to have setuid() check the process limit,
> and return an error if the user in question is over the limit?
> That way, programs that check the return value of setuid() would
> fail and prevent new processes from being created by login loops
> like the one described above.
I think so.
I have found that login, su, and cron could easily be used to bypass these
limits. I believe it is a security issue.
Have a look at
> It would probably be a good idea for setuid() to still carry out
> the UID change, just in case there's a poorly written program
> somewhere that doesn't check the return value.
I am not sure about that.
Jeremy C. Reed
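
The thread turns on whether callers check the return value of setuid(). As an added example (not code from this thread or from any of the programs it names), here is a fail-closed privilege drop that a login-style program could use; `drop_to_user` is a hypothetical helper name, and the refusal of an over-limit user is the behaviour proposed above, not something this code assumes the kernel already does.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: permanently switch to uid/gid, failing closed.
 * Returns 0 on success, -1 if the switch failed or did not take effect.
 * Supplementary groups are left out to keep the example short; a real
 * caller would set them before setgid(). */
int drop_to_user(uid_t uid, gid_t gid)
{
    /* Group first: once the UID is dropped we may no longer be allowed to. */
    if (setgid(gid) != 0) {
        fprintf(stderr, "setgid(%ld): %s\n", (long)gid, strerror(errno));
        return -1;
    }
    if (setuid(uid) != 0) {
        /* Under the proposal in this thread, an over-limit user would be
         * refused here, so the caller must stop instead of carrying on. */
        fprintf(stderr, "setuid(%ld): %s\n", (long)uid, strerror(errno));
        return -1;
    }
    /* Do not rely on the return value alone: confirm the IDs changed. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* A permanent drop must not be reversible. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed usage: "drop" to the IDs the process already has, which
     * works without root. A login program would pass the target user's IDs. */
    if (drop_to_user(getuid(), getgid()) != 0)
        _exit(1); /* never continue to exec a shell with the old identity */
    puts("running as target user");
    return 0;
}
```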