Skip to main content

Browse the archive

https://github.com/torvalds/linux
17 May 2024, 09:02:56 UTC
Revision 04e35f4495dd560db30c25efca4eecae8ec8c375 authored by Kees Cook on 30 November 2017, 00:10:51 UTC, committed by Linus Torvalds on 30 November 2017, 02:40:42 UTC 
exec: avoid RLIMIT_STACK races with prlimit()
 
While the defense-in-depth RLIMIT_STACK limit on setuid processes was
protected against races from other threads calling setrlimit(), I missed
protecting it against races from external processes calling prlimit().
This adds locking around the change and makes sure that rlim_max is set
too.

Link: http://lkml.kernel.org/r/20171127193457.GA11348@beast
Fixes: 64701dee4178e ("exec: Use sane stack rlimit under secureexec")
Signed-off-by: Kees Cook <keescook@chromium.org>
Reported-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Reported-by: Brad Spengler <spender@grsecurity.net>
Acked-by: Serge Hallyn <serge@hallyn.com>
Cc: James Morris <james.l.morris@oracle.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Jiri Slaby <jslaby@suse.cz>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1 parent 5f1d43d
History
Tip revision: 04e35f4495dd560db30c25efca4eecae8ec8c375 authored by Kees Cook on 30 November 2017, 00:10:51 UTC
exec: avoid RLIMIT_STACK races with prlimit()
Tip revision: 04e35f4
File Mode Size
Documentation
arch
block
certs
crypto
drivers
firmware
fs
include
init
ipc
kernel
lib
mm
net
samples
scripts
security
sound
tools
usr
virt
.cocciconfig -rw-r--r-- 59 bytes
.get_maintainer.ignore -rw-r--r-- 31 bytes
.gitattributes -rw-r--r-- 30 bytes
.gitignore -rw-r--r-- 1.4 KB
.mailmap -rw-r--r-- 8.8 KB
COPYING -rw-r--r-- 18.3 KB
CREDITS -rw-r--r-- 96.2 KB
Kbuild -rw-r--r-- 2.2 KB
Kconfig -rw-r--r-- 287 bytes
MAINTAINERS -rw-r--r-- 425.9 KB
Makefile -rw-r--r-- 58.3 KB
README -rw-r--r-- 722 bytes

README

back to top