Subject: Re: check resource limits with exec(3)?
To: Jeremy C. Reed <reed@reedmedia.net>
From: Greg A. Woods <woods@weird.com>
List: tech-userlevel
Date: 06/07/2006 19:20:35
--pgp-sign-Multipart_Wed_Jun__7_19:20:32_2006-1
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
At Tue, 6 Jun 2006 11:10:01 -0700 (PDT),
Jeremy C. Reed wrote:
>=20
> Here is the problem: A program running as root is forked and has the
> resource limitations as allowed for root. The new child process's
> resources are changed using setusercontext() including changing the
> running group id and user id. Then it execle() to run a different process
> as this new user -- this is allowed even if over the maximum allowed
> maxproc for that user.
Where is the problem with that?
In your example case a privileged user is either (depending on your
point of view: granting additional (and temporary) resources to the
other user; or else is taking advantage of it's own (the privileged
user's) resources to do something as (or on behalf of) the other user.
In either case I think it would be logically wrong to ever prevent the
privileged user from making use of its own resources as it sees fit.
> I think a fix for this problem would be to do a double fork. Do the second
> fork after the setusercontext(). This second fork will correctly fail if
> over the maxproc for example. (And examples of doing a double fork for
> this purpose?)
Well if your application wants to call fork() twice just for the sake of
potentially failing when there's no good reason to fail, well I guess
that's your application's prerogative! :-)
> Or is it acceptable for programs to go over (ignore) the defined maxproc?
I think if the exceeding is done by the grace of a privileged user, then
yes it's acceptable. I think that's always been the unix way.....
> (NetBSD includes a couple in the default install that allow normal users
> to start more processes than they are allowed.)
Concrete examples?
--=20
Greg A. Woods
H:+1 416 218-0098 W:+1 416 489-5852 x122 VE3TCP RoboHack <woods@robohack.ca>
Planix, Inc. <woods@planix.com> Secrets of the Weird <woods@weird.com>
--pgp-sign-Multipart_Wed_Jun__7_19:20:32_2006-1
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
MessageID: PyPIBj4avW0+mMeG4jFuWc4pqE95k2Rg
iQA/AwUBRIdfQmJ7XxTCWceFEQLZMwCeKWt0skSHP5rckyhTvvxBvgasXJMAn3GI
ssaFnGok8qB+8YVrPEvb0OfG
=z4XH
-----END PGP SIGNATURE-----
--pgp-sign-Multipart_Wed_Jun__7_19:20:32_2006-1--