Linus Torvalds writes: (Summary)
You can still trigger it (set RLIMIT_DATA to something much too small,
for example, and then generate more than that by just repeating the
same argument multiple times so that the execve() user doesn't trigger
the limit, but the newly executed process does).
the limit, but the newly executed process does).
But it should really be something that you need to be truly insane to trigger. I think we still don't know whether we're going to be suid at the time we copy the arguments, do we?
we copy the arguments, do we?
So it's pretty painful to make the limits different for suid and non-suid binaries.
non-suid binaries.
Linus
Linus
Linus
the limit, but the newly executed process does).
But it should really be something that you need to be truly insane to trigger. I think we still don't know whether we're going to be suid at the time we copy the arguments, do we?
we copy the arguments, do we?
So it's pretty painful to make the limits different for suid and non-suid binaries.
non-suid binaries.
Linus
Linus
Linus