Subject: Re: check resource limits with exec(3)?
To: Jeremy C. Reed
From: Greg A. Woods
List: tech-userlevel
Date: 06/07/2006 19:20:35

At Tue, 6 Jun 2006 11:10:01 -0700 (PDT),
Jeremy C. Reed wrote:
> Here is the problem: A program running as root is forked and has the
> resource limitations as allowed for root. The new child process's
> resources are changed using setusercontext() including changing the
> running group id and user id. Then it execle() to run a different process
> as this new user -- this is allowed even if over the maximum allowed
> maxproc for that user.

Where is the problem with that?

In your example case a privileged user is either (depending on your
point of view) granting additional (and temporary) resources to the
other user, or else is taking advantage of its own (the privileged
user's) resources to do something as (or on behalf of) the other user.

In either case I think it would be logically wrong to ever prevent the
privileged user from making use of its own resources as it sees fit.

> I think a fix for this problem would be to do a double fork. Do the second
> fork after the setusercontext(). This second fork will correctly fail if
> over the maxproc for example. (And examples of doing a double fork for
> this purpose?)

Well if your application wants to call fork() twice just for the sake of
potentially failing when there's no good reason to fail, well I guess
that's your application's prerogative!  :-)

> Or is it acceptable for programs to go over (ignore) the defined maxproc?

I think if the exceeding is done by the grace of a privileged user, then
yes it's acceptable.  I think that's always been the unix way.....

> (NetBSD includes a couple in the default install that allow normal users
> to start more processes than they are allowed.)

Concrete examples?

						Greg A. Woods

H:+1 416 218-0098 W:+1 416 489-5852 x122 VE3TCP RoboHack
Planix, Inc.       Secrets of the Weird
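
The double fork asked about in the quoted message, as an added example that is not part of this thread or of NetBSD's sources: the first child applies the limit and forks again, so fork() itself performs the RLIMIT_NPROC check and the result is passed back over a pipe. `second_fork_check` is a hypothetical helper, and the credential drop that setusercontext() would perform is left as a comment, so only the resource limit changes here.

```c
/* Added example: double fork so that fork() itself checks RLIMIT_NPROC. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper. The first child applies `nproc` as its soft
 * RLIMIT_NPROC (negative: keep the inherited limit) and forks again.
 * Returns 0 if the second fork was allowed, the errno it failed with
 * (EAGAIN when over the limit), or -1 on an internal error. */
int second_fork_check(long nproc)
{
    int fds[2], err = 0;
    if (pipe(fds) == -1) return -1;
    pid_t pid = fork();              /* first fork: the caller's own limits */
    if (pid == -1) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {
        struct rlimit rl;
        close(fds[0]);
        if (nproc >= 0) {
            if (getrlimit(RLIMIT_NPROC, &rl) == -1) _exit(1);
            rl.rlim_cur = (rlim_t)nproc;
            if (setrlimit(RLIMIT_NPROC, &rl) == -1) _exit(1);
        }
        /* A launcher drops to the target user here (setusercontext() in
         * the thread); a process that stays privileged is normally exempt. */
        pid_t worker = fork();       /* second fork: checked against the new limit */
        if (worker == 0) _exit(0);   /* the real worker would execle() here */
        if (worker == -1) err = errno;
        else waitpid(worker, NULL, 0);
        if (write(fds[1], &err, sizeof err) != (ssize_t)sizeof err) _exit(1);
        _exit(0);
    }
    close(fds[1]);
    ssize_t n = read(fds[0], &err, sizeof err);
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return n == (ssize_t)sizeof err ? err : -1;
}

int main(void)
{
    int r = second_fork_check(0);    /* limit of 0: any unprivileged fork is over it */
    printf("inherited limit: %d\n", second_fork_check(-1));
    printf("limit 0: %s\n", r == 0 ? "allowed (privileged)" : strerror(r));
    return 0;
}
```

Run by an unprivileged user, the limit-0 call normally reports EAGAIN; run by root without a credential drop, the second fork is normally allowed, which is the behaviour the reply above defends.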
