Following commit changed RLIMIT_NPROC rule. now set*uid() never return EAGAIN. And instead, execve() may return EAGAIN. If man pages respect this change, it would be better. commit 72fa59970f8698023045ab0713d66f3f4f96945c Author: Vasiliy Kulikov Date: Mon Aug 8 19:02:04 2011 +0400 move RLIMIT_NPROC check from set_user() to do_execve_common()
Vasiliy, Thanks for raising this bug. I think the best approach would be to leave the existing EAGAIN text in the set*uid pages (possibly with a note about v3.1 changes), and add some text to the execve.2 page. However, I have a question: I can understand adding the check to execve(), but why was it removed from set*uid()? Surely it was still useful to applications that actually do check the return status from set*uid()?
Hmm.. I'm not Vasiliy and I couldn't add him to cc list (I don't know why). But maybe I can answer this. Now, many many applications don't check the return code and this ignorance may make critical security issue. set*id() is usually used for dropping root privilege and then a failure mean application run untrusted code w/ root privilege. that's dangerous. then, set*id() should ignore rlimit and always can drop a privilege. In the other hand, execve() is used for getting a privilege. then a failure is not security threat. Next, applications still should check set*uid() return value because it may run on older kernel. thank you.
Patch (ebd381ba7b73) sitting in Git. Will be released with man-pages-3.69.