tech-security archive


Re: enforcing RLIMIT_NPROC in setuid() ?



Joerg Sonnenberger <joerg%britannica.bec.de@localhost> writes:
> On Thu, Jan 10, 2008 at 01:43:57PM -0500, Ed Ravin wrote:
>> Would it make sense to have setuid() check the process limit,
>> and return an error if the user in question is over the limit?
>
> Yes and no. The problem is that it changes the way the Unix security
> model works. When Linux started to do that, they created a nice number
> of root exploitable issues, because processes could not drop the setuid
> and never checked for it. Isn't the check good enough if the limit gets
> inherited and the process is still counted against the real uid?

Not quite, because the user can still create far more processes than
they have quota for by mechanisms like cron or ssh.

Making exec fail seems like a much better idea than having setuid
fail, though you do point out that any such change probably needs
auditing because of unexpected security issues...

Perry
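The hazard Joerg describes (a privileged process calling setuid() under a process limit, getting a failure it never checks, and carrying on as root) is the classic unchecked-setuid bug. The following is an added illustration, not code from this thread or from any NetBSD source, of how a daemon should drop privileges so that a failed setuid() (EPERM, or EAGAIN on older Linux kernels when the target uid is at its RLIMIT_NPROC limit) aborts the program rather than silently leaving it as root. The function and enum names are this example's own; the verification step uses only getuid()/geteuid() so it builds on any Unix.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/resource.h>
#include <unistd.h>

/* Outcome of drop_privileges(); distinct codes so the caller can log
 * precisely why it is refusing to continue. (Names are this example's own.) */
enum drop_result {
    DROP_OK = 0,
    DROP_SETUID_FAILED = 1,   /* setuid() returned -1; see *saved_errno */
    DROP_VERIFY_FAILED = 2    /* setuid() claimed success but the uids disagree */
};

/* Switch to `target` and report success only once the kernel confirms
 * that both the real and effective uid changed. A process that ignores
 * the return value of setuid() keeps running as root when the call
 * fails, which is exactly the failure mode a per-user process limit
 * can trigger. */
int drop_privileges(uid_t target, int *saved_errno)
{
    if (setuid(target) != 0) {
        if (saved_errno != NULL)
            *saved_errno = errno;
        return DROP_SETUID_FAILED;
    }
    /* getuid()/geteuid() are portable; on systems that provide
     * getresuid() the saved uid should be checked as well. */
    if (getuid() != target || geteuid() != target)
        return DROP_VERIFY_FAILED;
    return DROP_OK;
}

/* Read the caller's RLIMIT_NPROC so it can be logged before the switch.
 * Returns 0 on success, -1 on failure (errno set by getrlimit). */
int read_nproc_limit(struct rlimit *out)
{
    return getrlimit(RLIMIT_NPROC, out);
}

/* Stand-alone demo: drop to the uid named on the command line (default:
 * the current real uid, so the call succeeds when run unprivileged). */
int main(int argc, char **argv)
{
    uid_t target = (argc > 1) ? (uid_t)strtoul(argv[1], NULL, 10) : getuid();
    struct rlimit rl;
    int err = 0;

    if (read_nproc_limit(&rl) == 0) {
        if (rl.rlim_cur == RLIM_INFINITY)
            printf("RLIMIT_NPROC soft limit: unlimited\n");
        else
            printf("RLIMIT_NPROC soft limit: %llu\n",
                   (unsigned long long)rl.rlim_cur);
    }

    switch (drop_privileges(target, &err)) {
    case DROP_OK:
        printf("now running as uid %u\n", (unsigned)getuid());
        return 0;
    case DROP_SETUID_FAILED:
        /* Refuse to continue: the process still holds its original uid. */
        fprintf(stderr, "setuid(%u) failed: %s; aborting rather than "
                "continuing as uid %u\n",
                (unsigned)target, strerror(err), (unsigned)getuid());
        return 1;
    default:
        fprintf(stderr, "setuid(%u) returned 0 but the uids did not "
                "change; aborting\n", (unsigned)target);
        return 1;
    }
}
```

Run unprivileged with no arguments it drops to its own uid and succeeds; run unprivileged with `0` as the argument it shows the refusal path, since setuid(0) fails with EPERM. The two-step check (return value, then re-read the uids) is the defensive pattern that removes the "never checked for it" class of bugs Joerg mentions, regardless of which syscall the kernel chooses to make fail.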


