Subject: Re: check resource limits with exec(3)?
To: Jeremy C. Reed <email@example.com>
From: Greg A. Woods <firstname.lastname@example.org>
Date: 06/07/2006 19:20:35
Content-Type: text/plain; charset=US-ASCII
At Tue, 6 Jun 2006 11:10:01 -0700 (PDT),
Jeremy C. Reed wrote:
> Here is the problem: A program running as root is forked and has the
> resource limitations as allowed for root. The new child process's
> resources are changed using setusercontext() including changing the
> running group id and user id. Then it calls execle() to run a different process
> as this new user -- this is allowed even if over the maximum allowed
> maxproc for that user.
Where is the problem with that?
In your example case a privileged user is either (depending on your
point of view) granting additional (and temporary) resources to the
other user, or else is taking advantage of its own (the privileged
user's) resources to do something as (or on behalf of) the other user.
In either case I think it would be logically wrong to ever prevent the
privileged user from making use of its own resources as it sees fit.
> I think a fix for this problem would be to do a double fork. Do the second
> fork after the setusercontext(). This second fork will correctly fail if
> over the maxproc for example. (And examples of doing a double fork for
> this purpose?)
Well if your application wants to call fork() twice just for the sake of
potentially failing when there's no good reason to fail, well I guess
that's your application's prerogative! :-)
> Or is it acceptable for programs to go over (ignore) the defined maxproc?
I think if the exceeding is done by the grace of a privileged user, then
yes it's acceptable. I think that's always been the unix way.....
> (NetBSD includes a couple in the default install that allow normal users
> to start more processes than they are allowed.)
Greg A. Woods
H:+1 416 218-0098 W:+1 416 489-5852 x122 VE3TCP RoboHack <email@example.com>
Planix, Inc. <firstname.lastname@example.org> Secrets of the Weird <email@example.com>