On Mon 10-07-17 09:12:11, Kees Cook wrote:
> On Mon, Jul 10, 2017 at 1:44 AM, Michal Hocko <mho...@kernel.org> wrote:
> > On Thu 06-07-17 12:12:55, Kees Cook wrote:
> >> On Thu, Jul 6, 2017 at 10:52 AM, Linus Torvalds
> >> <torva...@linux-foundation.org> wrote:
> >> > On Thu, Jul 6, 2017 at 10:29 AM, Kees Cook <keesc...@chromium.org> wrote:
> >> >>>
> >> >>> (a) minimal: just use our existing default stack (and stack _only_)
> >> >>> limit value for suid binaries that actually get extra permissions: {
> >> >>> _STK_LIM, RLIM_INFINITY }.
> >> >>
> >> >> This would look a lot like the existing patch; it'd just not copy the
> >> >> init process rlimits.
> >> >
> >> > Can't we just do the final rlimit setting so late in execve that we
> >> > don't need that whole "saved_rlimit" thing?
> >>
> >> The stack rlimit defines the mmap layout too:
> >>
> >> do_execveat_common() ->
> >> exec_binprm() ->
> >> search_binary_handler() ->
> >> fmt->load_binary (load_elf_binary()) ->
> >> setup_new_exec() ->
> >> arch_pick_mmap_layout() ->
> >> mmap_is_legacy() ->
> >> rlimit(RLIMIT_STACK) == RLIM_INFINITY
> >
> > FWIW this is gone in tip tree. See
> > lkml.kernel.org/r/20170614082218.12450-1-mho...@kernel.org
>
> Sounds good to me, but won't large-memory users in 32-bit get annoyed?
Why would they? 32b do bottom up layouts by default.
--
Michal Hocko
SUSE Labs
