On Thu, Jul 24, 2014 at 11:44:50AM -0700, Kees Cook wrote: ... > > > > The file can have a suid bit, so after executing it we may lose ability > > to attach to it. To check that we can check that uid and gid is zero > > in a current userns (local root). > > > > What else do we need to check? > > Yeah, I think all the checks are sufficient, but I (and Julien) are > still trying to think about side-effects. > > It would be nice if these checks (like the rlimit checks) were merged > into some common helper. That way if something changes in the exec > path, it won't go missed in the c/r path.
For rlimit I've done a separate helper in new rfc series, please take a look. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
