On Mon, Feb 14, 2022 at 09:10:49AM -0600, "Eric W. Biederman" <ebiederm@xmission.com> wrote:
> I really like how clean this patch seems to be. Unfortunately it is wrong.
It seems [1] so:
	setuid()	// RLIMIT_NPROC is fine at this moment
	...		fork()
	...		...
			fork()
	execve()	// eh, oh
This "punishes" the exec'ing task although the cause is elsewhere.
Michal
[1] The decoupled setuid()+execve() check can be interpreted both ways. I understood historically the excess at the setuid() moment is relevant.
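
The two readings of the decoupled check from footnote [1], replayed over the timeline above. This is an added example, not part of the original message and not kernel code: it is a simplified user-space model, and every name in it (user_model, task_model, replay, the two policy values) is hypothetical. It assumes the forks come from other tasks of the same user that are themselves allowed to fork.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model, not kernel code. All names here are hypothetical. */
struct user_model { long processes; long nproc_limit; };
struct task_model { bool nproc_exceeded; /* excess seen at setuid() */ };
enum policy { NOTE_AT_SETUID, TEST_AT_EXECVE_ONLY };

static bool over_limit(const struct user_model *u)
{
    return u->processes > u->nproc_limit;
}

/* setuid() does not fail in this model; it only records the excess. */
static void model_setuid(struct task_model *t, const struct user_model *u)
{
    t->nproc_exceeded = over_limit(u);
}

/* Returns true when execve() is allowed under policy p. */
static bool model_execve(enum policy p, struct task_model *t,
                         const struct user_model *u)
{
    if (p == TEST_AT_EXECVE_ONLY)
        return !over_limit(u);
    /* NOTE_AT_SETUID: fail only if over at setuid() and still over now. */
    if (t->nproc_exceeded && over_limit(u))
        return false;
    t->nproc_exceeded = false;
    return true;
}

/* Replay: setuid(), then `forks` forks by other tasks, then execve(). */
static bool replay(enum policy p, long start, long limit, long forks)
{
    struct user_model u = { start, limit };
    struct task_model t = { false };
    model_setuid(&t, &u);
    u.processes += forks;
    return model_execve(p, &t, &u);
}

int main(void)
{
    /* Constructed numbers: 3 processes, limit 4, two forks elsewhere. */
    printf("note at setuid:  %d\n", replay(NOTE_AT_SETUID, 3, 4, 2));
    printf("test at execve:  %d\n", replay(TEST_AT_EXECVE_ONLY, 3, 4, 2));
    return 0;
}
```

With these constructed numbers the first policy lets execve() through and the second refuses it, which is the "eh, oh" case in the timeline.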