oss-sec mailing list archives

Re: [PATCH 2/2] execve: check the VM has enough memory at first

From: KOSAKI Motohiro <kosaki.motohiro () jp fujitsu com>
Date: Thu, 16 Sep 2010 14:51:55 +0900 (JST)

On Wed, Sep 8, 2010 at 10:04 PM, KOSAKI Motohiro
<kosaki.motohiro () jp fujitsu com> wrote:


After this patch, execve() expand stack at first and receive to
check vm_enough_memory() properly. then, too long argument of
execve() than the machine memory return EFAULT properly.


This is horrible. We don't want to walk the arguments one more time
just for this. Let's just improve the checks that we do as we go
along.

                            Linus


Okey. I'll consider new way in this night.


After while thinking, I decided to just drop this idea. because
 1) If one pass check is must, we can't reuse vm-overcommit check.
 2) Glibc has the duplicated hueristic, then we can't change it nor
    introduce new hard limit. (Sh*t)
 3) This is not must fix, it only mitigate a pain when accidental large
    argv case. Only OOM fixes enough care intended attack case.
 4) distro can change default of rlim_max of RLIMIT_STACK. It protect
    from RLIM_INFINITY smash.

Briefly says, to introduce new limit has bad benefit/risk balance. Sadly.

Current thread:

Re: [PATCH 0/3] execve argument-copying fixes, (continued)
- - - Re: [PATCH 0/3] execve argument-copying fixes KOSAKI Motohiro (Sep 07)
    - [PATCH 0/2] execve memory exhaust of argument-copying fixes KOSAKI Motohiro (Sep 09)
    - [PATCH 1/2] oom: don't ignore rss in nascent mm KOSAKI Motohiro (Sep 09)
    - Message not available
    - Re: [PATCH 1/2] oom: don't ignore rss in nascent mm Roland McGrath (Sep 10)
    - Message not available
    - [PATCH] move cred_guard_mutex from task_struct to signal_struct KOSAKI Motohiro (Sep 10)
    - Re: [PATCH] move cred_guard_mutex from task_struct to signal_struct Oleg Nesterov (Sep 10)
    - Re: [PATCH] move cred_guard_mutex from task_struct to signal_struct KOSAKI Motohiro (Sep 15)
    - [PATCH 2/2] execve: check the VM has enough memory at first KOSAKI Motohiro (Sep 09)
    - Re: [PATCH 2/2] execve: check the VM has enough memory at first Linus Torvalds (Sep 10)
    - Re: [PATCH 2/2] execve: check the VM has enough memory at first KOSAKI Motohiro (Sep 13)
    - Re: [PATCH 2/2] execve: check the VM has enough memory at first KOSAKI Motohiro (Sep 15)
    - Re: [PATCH 2/2] execve: check the VM has enough memory at first Linus Torvalds (Sep 16)
    - Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer Solar Designer (Aug 30)
    - Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer Brad Spengler (Aug 30)
    - Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer Solar Designer (Aug 31)
    - Re: [PATCH] exec argument expansion can inappropriately triggerOOM-killer Tetsuo Handa (Aug 31)