summaryrefslogtreecommitdiff
path: root/net/ipv4/fib_lookup.h
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2017-11-30 03:10:51 +0300
committerLinus Torvalds <torvalds@linux-foundation.org>2017-11-30 05:40:42 +0300
commit04e35f4495dd560db30c25efca4eecae8ec8c375 (patch)
tree62d890cff810621d1143f601df6181384fb87a86 /net/ipv4/fib_lookup.h
parent5f1d43de54164dcfb9bfa542fcc92c1e1a1b6c1d (diff)
downloadlinux-04e35f4495dd560db30c25efca4eecae8ec8c375.tar.xz
exec: avoid RLIMIT_STACK races with prlimit()
While the defense-in-depth RLIMIT_STACK limit on setuid processes was protected against races from other threads calling setrlimit(), I missed protecting it against races from external processes calling prlimit(). This adds locking around the change and makes sure that rlim_max is set too. Link: http://lkml.kernel.org/r/20171127193457.GA11348@beast Fixes: 64701dee4178e ("exec: Use sane stack rlimit under secureexec") Signed-off-by: Kees Cook <keescook@chromium.org> Reported-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Reported-by: Brad Spengler <spender@grsecurity.net> Acked-by: Serge Hallyn <serge@hallyn.com> Cc: James Morris <james.l.morris@oracle.com> Cc: Andy Lutomirski <luto@kernel.org> Cc: Oleg Nesterov <oleg@redhat.com> Cc: Jiri Slaby <jslaby@suse.cz> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'net/ipv4/fib_lookup.h')
0 files changed, 0 insertions, 0 deletions