From: Willy Tarreau <w...@1wt.eu>
Date: Mon, 28 Dec 2015 15:14:35 +0100
> It is possible for a process to allocate and accumulate far more FDs than
> the process' limit by sending them over a unix socket then closing them
> to keep the process' fd count low.
>
> This change addresses this problem by keeping track of the number of FDs
> in flight per user and preventing non-privileged processes from having
> more FDs in flight than their configured FD limit.
>
> Reported-by: socketp...@gmail.com
> Suggested-by: Linus Torvalds <torva...@linux-foundation.org>
> Signed-off-by: Willy Tarreau <w...@1wt.eu>
> ---
> It would be nice if (if accepted) it would be backported to -stable as the
> issue is currently exploitable.

As mentioned, please remove the unix_sock_count variable and associated code as it is completely unused after this patch.
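The accounting described in the quoted commit message can be modelled in user space to show why a per-process FD count misses files held in unix socket queues while a per-user in-flight counter bounds them. This is an added example, not code from the patch or the kernel; every struct, function and value in it is a hypothetical simplification.

```c
#include <stdbool.h>
#include <stdio.h>
/* User-space model only; all names here are hypothetical, not kernel identifiers. */
struct user_acct {
    unsigned long inflight;  /* FDs queued in unix sockets, charged to the user */
    unsigned long fd_limit;  /* the user's configured FD limit */
    bool privileged;         /* privileged processes are exempt */
};
struct proc {
    struct user_acct *user;
    unsigned long open_fds;  /* all that a per-process limit check can see */
};

/* The per-user check: refuse a send that would put the user over the limit. */
static bool inflight_refused(const struct user_acct *u)
{
    return !u->privileged && u->inflight >= u->fd_limit;
}

/* One open / send-over-unix-socket / close cycle. Returns false if refused. */
static bool open_send_close(struct proc *p, bool per_user_check)
{
    if (p->open_fds >= p->user->fd_limit)
        return false;                 /* per-process limit check */
    p->open_fds++;                    /* open */
    bool refused = per_user_check && inflight_refused(p->user);
    if (!refused)
        p->user->inflight++;          /* the queued message now holds the file */
    p->open_fds--;                    /* close the local descriptor either way */
    return !refused;
}

/* Repeat the cycle until refused; return how many FDs ended up in flight. */
static unsigned long accumulate(unsigned long limit, bool privileged,
                                bool per_user_check, unsigned long attempts)
{
    struct user_acct u = { 0, limit, privileged };
    struct proc p = { &u, 3 };        /* stdin, stdout, stderr */
    for (unsigned long i = 0; i < attempts; i++)
        if (!open_send_close(&p, per_user_check))
            break;
    return u.inflight;
}

int main(void)
{
    printf("without per-user check: %lu\n", accumulate(1024, false, false, 100000));
    printf("with per-user check:    %lu\n", accumulate(1024, false, true, 100000));
}
```

In the model the process's own FD count never rises above 4, so only the per-user counter stops the accumulation at the configured limit.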