tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: enforcing RLIMIT_NPROC in setuid() ? (Christos Zoulas) writes:
> Yet another is to do the checking on exec, i.e. let
> root fork() and setuid(), but enforce the limit on exec().

Clearly it is cleanest to enforce this in the kernel -- then we don't
have to worry about every program that might conceivably run something
as a user. One doesn't want to hand patch ssh and forget to patch cron
or what have you.

The exec() trick would be good from this point of view. On the other
hand, if you had a pre-existing process running as the user and it
exec()ed (say the user typed "exec othershell" to the shell), it would
fail because the process limit was exceeded. This may or may not
matter in practice -- when you've hit the process limit, something is
probably quite wrong already and you should expect ordinary things to
start losing. kill is a builtin for most shells so it should still
work, at least.

Do other Unixes have a different way of handling this in the kernel?
What does solaris do, for example?

Regardless, I think that it should be done in the kernel rather than
in the ssh code, so if nothing better comes up, I'd go with your
exec() proposal.


Home | Main Index | Thread Index | Old Index