Bug 42704
| Summary: | execve may return EAGAIN on v3.1 or later | ||
|---|---|---|---|
| Product: | Documentation | Reporter: | KOSAKI Motohiro (kosaki.motohiro) |
| Component: | man-pages | Assignee: | documentation_man-pages (documentation_man-pages) |
| Status: | RESOLVED CODE_FIX | ||
| Severity: | normal | CC: | mtk.manpages |
| Priority: | P1 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Kernel Version: | Subsystem: | ||
| Regression: | No | Bisected commit-id: | |
Vasiliy, Thanks for raising this bug. I think the best approach would be to leave the existing EAGAIN text in the set*uid pages (possibly with a note about v3.1 changes), and add some text to the execve.2 page. However, I have a question: I can understand adding the check to execve(), but why was it removed from set*uid()? Surely it was still useful to applications that actually do check the return status from set*uid()? Hmm.. I'm not Vasiliy and I couldn't add him to cc list (I don't know why). But maybe I can answer this. Now, many many applications don't check the return code and this ignorance may make critical security issue. set*id() is usually used for dropping root privilege and then a failure mean application run untrusted code w/ root privilege. that's dangerous. then, set*id() should ignore rlimit and always can drop a privilege. In the other hand, execve() is used for getting a privilege. then a failure is not security threat. Next, applications still should check set*uid() return value because it may run on older kernel. thank you. Patch (ebd381ba7b73) sitting in Git. Will be released with man-pages-3.69. |
Following commit changed RLIMIT_NPROC rule. now set*uid() never return EAGAIN. And instead, execve() may return EAGAIN. If man pages respect this change, it would be better. commit 72fa59970f8698023045ab0713d66f3f4f96945c Author: Vasiliy Kulikov Date: Mon Aug 8 19:02:04 2011 +0400 move RLIMIT_NPROC check from set_user() to do_execve_common()