Subject: Re: check resource limits with exec(3)?
To: None <tech-userlevel@netbsd.org>
From: Jeremy C. Reed <reed@reedmedia.net>
List: tech-userlevel
Date: 06/06/2006 11:10:01

On Mon, 5 Jun 2006, Greg A. Woods wrote:
> > What is the procedure for checking resource limits when the process is
> > started as root with a fork and then uses setuid to change user?
> >
> > Should exec(3) check if the resource limit (like maxproc) has already been
> > reached?
>
> No, it had better not do so, especially not maxproc. Calls to the
> exec() family of functions do not change the number of processes that
> are running.
>
> It is also critical that one be able to exec another program when one is
> already running maxproc processes.

Maybe add a new exec()-type function that checks limits? Probably not,
since that would not be portable.

Here is the problem: A program running as root is forked and has the
resource limitations as allowed for root. The new child process's
resources are changed using setusercontext() including changing the
running group id and user id. Then it calls execle() to run a different process
as this new user -- this is allowed even if over the maximum allowed
maxproc for that user.

I think a fix for this problem would be to do a double fork. Do the second
fork after the setusercontext(). This second fork will correctly fail if
over the maxproc for example. (And examples of doing a double fork for
this purpose?)

Or should a userland program check the resource settings itself? (Any
examples of that?)

Or is it acceptable for programs to go over (ignore) the defined maxproc?
(NetBSD includes a couple in the default install that allow normal users
to start more processes than they are allowed.)

Jeremy C. Reed
echo '9,J8HD,fDGG8B@?:536FC5=8@I;C5?@H5B0D@5GBIELD54DL>@8L?:5GDEJ8LDG1' |\
sed ss,s50EBsg | tr 0-M 'p.wBt SgiIlxmLhan:o,erDsduv/cyP'
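
A sketch of the double fork asked about in the message above, added here as an example; it is not code from the poster or from NetBSD. `spawn_checked` is a hypothetical helper, and `setrlimit()`/`setgroups()`/`setgid()`/`setuid()` are an assumed stand-in for `setusercontext()` so the code also builds outside BSD.

```c
#define _DEFAULT_SOURCE            /* exposes setgroups() on glibc */
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: run argv as uid/gid under RLIMIT_NPROC = nproc.
 * Returns the program's exit status, or -errno if the launch failed
 * (-EAGAIN when the second fork() is refused by the process limit). */
int spawn_checked(uid_t uid, gid_t gid, rlim_t nproc, char *const argv[])
{
    int fds[2], err = 0, st = 0;
    if (pipe(fds) < 0)
        return -errno;
    pid_t c1 = fork();             /* first fork: caller's uid and limits */
    if (c1 < 0) {
        err = errno;
        close(fds[0]);
        close(fds[1]);
        return -err;
    }
    if (c1 == 0) {
        struct rlimit rl = { nproc, nproc };
        close(fds[0]);
        fcntl(fds[1], F_SETFD, FD_CLOEXEC);   /* closes on successful exec */
        /* Stand-in for setusercontext(): limit, groups, gid, then uid. */
        int bad = setrlimit(RLIMIT_NPROC, &rl) < 0;
        if (!bad && (uid != getuid() || gid != getgid()))
            bad = setgroups(1, &gid) < 0 || setgid(gid) < 0 || setuid(uid) < 0;
        pid_t c2 = bad ? -1 : fork();  /* second fork: made as the new uid */
        if (c2 == 0) {
            execv(argv[0], argv);
            c2 = -1;                   /* exec failed: report errno below */
        }
        if (c2 < 0) {
            err = errno;
            if (write(fds[1], &err, sizeof err) < 0)
                _exit(126);
            _exit(127);
        }
        waitpid(c2, &st, 0);
        _exit(WIFEXITED(st) ? WEXITSTATUS(st) : 128 + WTERMSIG(st));
    }
    close(fds[1]);
    ssize_t n = read(fds[0], &err, sizeof err);  /* EOF: the exec worked */
    close(fds[0]);
    waitpid(c1, &st, 0);
    return n == (ssize_t)sizeof err ? -err : WEXITSTATUS(st);
}
```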