oss-sec mailing list archives
Re: [PATCH 1/3] setup_arg_pages: diagnose excessive argument size
From: KOSAKI Motohiro <kosaki.motohiro () jp fujitsu com>
Date: Thu, 9 Sep 2010 14:31:18 +0900 (JST)
I still don't think this addresses the whole problem. Without question, the rlimit / 4 check is bogus. If nobody agrees with the intent of that check, then it should be removed, but I think the better solution is to fix the check so that it matches its original intent: let the initial stack setup be up to 1/Xth of the min(rlimit, TASK_SIZE dependent upon personality), which allows space for additional stack setup in the ELF loader and then further growth once the process is live. If that amount is overstepped, then the exec will return an error to the calling process instead of being terminated. It might be useful to consult with the people who introduced/approved the check in the first place, as they seemed to have reasons for implementing it.
Brad, sorry, I have bad news. glibc sysconf(_SC_ARG_MAX) is implemented by hard coded RLIMIT_STACK/4 heuristics. That said, at least _now_, we can't change this even though you disliked. That said, we can't break userland even though userland library is very crazy. I don't dislike your "1/Xth of the min(rlimit, TASK_SIZE dependent upon
personality)" idea. however I think You and Roland haven't agreed this
point yet. he seems to want "unlimited" works as "unlimited". then, now I don't make such patch. Instead, I would propose to insert __vm_enough_memory() check in execve() pass. It prevent almost argv attack.
Current thread:
- [PATCH] exec argument expansion can inappropriately trigger OOM-killer Kees Cook (Aug 27)
- Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer KOSAKI Motohiro (Aug 29)
- Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer Roland McGrath (Aug 29)
- Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer Solar Designer (Aug 29)
- Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer Roland McGrath (Aug 30)
- Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer Solar Designer (Aug 30)
- Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer Roland McGrath (Aug 31)
- [PATCH 0/3] execve argument-copying fixes Roland McGrath (Sep 07)
- [PATCH 1/3] setup_arg_pages: diagnose excessive argument size Roland McGrath (Sep 07)
- Message not available
- Re: [PATCH 1/3] setup_arg_pages: diagnose excessive argument size KOSAKI Motohiro (Sep 09)
- Re: [PATCH 1/3] setup_arg_pages: diagnose excessive argument size Roland McGrath (Sep 10)
- Re: [PATCH 1/3] setup_arg_pages: diagnose excessive argument size KOSAKI Motohiro (Sep 10)
- Re: [PATCH 1/3] setup_arg_pages: diagnose excessive argument size pageexec (Sep 11)
- Re: [PATCH 1/3] setup_arg_pages: diagnose excessive argument size Roland McGrath (Sep 14)
- Re: [PATCH 1/3] setup_arg_pages: diagnose excessive argument size pageexec (Sep 14)
- Re: [PATCH 1/3] setup_arg_pages: diagnose excessive argument size Roland McGrath (Sep 14)
- Re: [PATCH 1/3] setup_arg_pages: diagnose excessive argument size pageexec (Sep 14)
- Re: [PATCH 1/3] setup_arg_pages: diagnose excessive argument size Roland McGrath (Sep 14)
- Re: [PATCH 1/3] setup_arg_pages: diagnose excessive argument size pageexec (Sep 15)
- Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer Solar Designer (Aug 29)
- Message not available
- Re: [PATCH 1/3] setup_arg_pages: diagnose excessive argument size Roland McGrath (Sep 10)