des at des.no
Sat Jan 5 06:01:24 PST 2008
Skip Ford <skip at menantico.com> writes:
> Kostik Belousov <kostikbel at gmail.com> writes:
> > - per-user RLIMIT_SWAP limit, that accounts the allocation by uid. This
> > has some obvious problems with the setuid(2) syscall. AFAIR, I ended up
> > not moving the accounted numbers to the new uid.
> The consensus in this thread seems to be that a per-process limit needs to
> be implemented rather than, or in addition to, the per-uid limit you
> already have.
Implementing a per-process limit would help fix the setuid() problem,
since the usage of the process calling setuid() would be known and could
be transferred to the new user. There could however be a problem when a
process creates a MAP_SHARED | MAP_ANON mapping, then fork()s, and the
child calls setuid() (think privilege separation). Hopefully, this case
is rare enough (malloc() always uses MAP_PRIVATE) that it can be handled
using the most restrictive interpretation possible rather than trying to
be painstakingly precise.
(BTW, Skip, I find your MUA's use of Mail-Followup-To: offensive; if you
don't want a copy of the followup, set the followup address to the list,
not to a random previous participant in the thread)
Dag-Erling Smørgrav - des at des.no
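As an added illustration, not part of the original message and not FreeBSD kernel code: a small C model of the two accounting policies compared above, with the privilege-separation case (MAP_SHARED | MAP_ANON, fork(), child setuid()) worked through under each. Process ids, uids and sizes are made up, and the "most restrictive interpretation" is taken to mean that every process mapping an anonymous region is charged for its full size.

```c
/* Toy model of the two accounting policies discussed above; a constructed
 * illustration, not FreeBSD kernel code (pids, uids and sizes are made up). */
#include <stddef.h>

#define NUIDS  1024
#define NPROCS 8

struct proc { int uid; size_t charged; };
/* per_uid: the RLIMIT_SWAP ledger; p: the proposed per-process ledger. */
struct acct { size_t per_uid[NUIDS]; struct proc p[NPROCS]; };

static void acct_spawn(struct acct *a, int pid, int uid) {
    a->p[pid].uid = uid;
    a->p[pid].charged = 0;
}

/* mmap(MAP_ANON) of `bytes`: charge both ledgers. */
static void acct_map_anon(struct acct *a, int pid, size_t bytes) {
    a->p[pid].charged += bytes;
    a->per_uid[a->p[pid].uid] += bytes;
}

/* fork(): "most restrictive interpretation" taken to mean the child is
 * charged for everything the parent maps, shared or private. */
static void acct_fork(struct acct *a, int parent, int child) {
    acct_spawn(a, child, a->p[parent].uid);
    acct_map_anon(a, child, a->p[parent].charged);
}

/* setuid(): a per-uid count alone cannot say how much of the old uid's total
 * is this process's, so the charge stays behind; a per-process count can. */
static void acct_setuid(struct acct *a, int pid, int newuid, int per_process) {
    if (per_process) {
        a->per_uid[a->p[pid].uid] -= a->p[pid].charged;
        a->per_uid[newuid] += a->p[pid].charged;
    }
    a->p[pid].uid = newuid;
}

/* Privilege-separation case from the message: root maps 1 MiB of
 * MAP_SHARED|MAP_ANON, forks, and the child drops to uid 1000.  Returns the
 * bytes then charged to `uid` under the chosen policy. */
static size_t privsep_charge(int per_process, int uid) {
    struct acct a = { { 0 } };
    acct_spawn(&a, 1, 0);
    acct_map_anon(&a, 1, (size_t)1 << 20);
    acct_fork(&a, 1, 2);
    acct_setuid(&a, 2, 1000, per_process);
    return a.per_uid[uid];
}
```

With only the per-uid ledger the unprivileged child's share stays charged to root, which is the setuid() problem; with the per-process count it follows the child, and the single shared region ends up counted once against each uid.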