From: Dag-Erling Smørgrav <des@des.no>
To: Skip Ford
Cc: Kostik Belousov, freebsd-current@FreeBSD.org, Robert Watson, Jason Evans, Poul-Henning Kamp
Date: Sat, 05 Jan 2008 15:01:13 +0100
Subject: Re: sbrk(2) broken
Message-ID: <86k5mo8j86.fsf@ds4.des.no>
In-Reply-To: <20080104145807.GC788@menantico.com> (Skip Ford's message of "Fri, 04 Jan 2008 09:58:07 -0500")
References: <477C82F0.5060809@freebsd.org> <863ateemw2.fsf@ds4.des.no> <20080104002002.L30578@fledge.watson.org> <86wsqqaqbe.fsf@ds4.des.no> <20080104110511.S77222@fledge.watson.org> <20080104135438.GA788@menantico.com> <20080104135912.GB57756@deviant.kiev.zoral.com.ua> <20080104141133.GB788@menantico.com> <20080104141857.GC57756@deviant.kiev.zoral.com.ua> <20080104145807.GC788@menantico.com>
List-Id: Discussions about the use of FreeBSD-current <freebsd-current@freebsd.org>
Skip Ford writes:
> Kostik Belousov writes:
> > - per-user RLIMIT_SWAP limit, that accounts for the allocation by the uid. This
> > has some obvious problems with the setuid(2) syscall. AFAIR, I ended up
> > not moving the accounted numbers to the new uid.
> The consensus in this thread seems to be that a per-process limit needs to
> be implemented rather than, or in addition to, the per-uid limit you
> already have.

Implementing a per-process limit would help fix the setuid() problem, since
the usage of the process calling setuid() would be known and could be
transferred to the new user. There could however be a problem when a process
creates a MAP_SHARED | MAP_ANON mapping, then fork()s, and the child calls
setuid() (think privilege separation). Hopefully, this case is rare enough
(malloc() always uses MAP_PRIVATE) that it can be handled using the most
restrictive interpretation possible rather than trying to be painstakingly
precise.

(BTW, Skip, I find your MUA's use of Mail-Followup-To: offensive; if you
don't want a copy of the followup, set the followup address to the list, not
to a random previous participant in the thread)

DES
-- 
Dag-Erling Smørgrav - des@des.no
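The accounting problem discussed in this message, as an added toy model (not FreeBSD kernel code, and not anything Kostik or DES posted): every process keeps its own list of anonymous mappings, the per-uid total is derived from that per-process state, so a setuid() simply moves the process's usage to the new uid; a MAP_SHARED | MAP_ANON mapping that survives fork() followed by setuid() in the child is charged in full to every uid that still references it, which is the "most restrictive interpretation" DES suggests. The functions, the `swap_limit` array standing in for RLIMIT_SWAP, and the decision to enforce the limit only at allocation time (never failing setuid()) are all assumptions of this model.

```c
/* Added example: hypothetical model of per-process swap accounting rolled
 * up per uid. Not FreeBSD code; names and policy are this model's own. */
#include <stddef.h>
#include <string.h>

#define MAX_PROCS 8
#define MAX_MAPS  16
#define MAX_UIDS  4

struct mapping {
    size_t bytes;
    int shared;   /* 1 = MAP_SHARED | MAP_ANON, 0 = MAP_PRIVATE */
    int refs;     /* processes referencing the mapping; 0 = free slot */
};

struct proc {
    int alive;
    int uid;
    int nmaps;
    struct mapping *maps[MAX_MAPS];
};

static struct mapping maps[MAX_MAPS];
static struct proc procs[MAX_PROCS];
static size_t swap_limit[MAX_UIDS];   /* toy RLIMIT_SWAP per uid; 0 = unlimited */

void model_reset(void)
{
    memset(maps, 0, sizeof maps);
    memset(procs, 0, sizeof procs);
    memset(swap_limit, 0, sizeof swap_limit);
}

void set_swap_limit(int uid, size_t bytes) { swap_limit[uid] = bytes; }

/* Per-uid usage is derived from per-process state, so changing one process's
 * uid transfers what it holds. A shared mapping referenced by several
 * processes of the same uid counts once; one referenced from two uids is
 * charged in full to both (most restrictive interpretation). */
size_t uid_usage(int uid)
{
    int counted[MAX_MAPS] = {0};
    size_t total = 0;
    for (int i = 0; i < MAX_PROCS; i++) {
        const struct proc *p = &procs[i];
        if (!p->alive || p->uid != uid)
            continue;
        for (int j = 0; j < p->nmaps; j++) {
            int idx = (int)(p->maps[j] - maps);
            if (counted[idx])
                continue;
            counted[idx] = 1;
            total += p->maps[j]->bytes;
        }
    }
    return total;
}

static int would_exceed(int uid, size_t extra)
{
    return swap_limit[uid] != 0 && uid_usage(uid) + extra > swap_limit[uid];
}

static struct mapping *mapping_alloc(size_t bytes, int shared)
{
    for (int i = 0; i < MAX_MAPS; i++)
        if (maps[i].refs == 0) {
            maps[i].bytes = bytes; maps[i].shared = shared; maps[i].refs = 1;
            return &maps[i];
        }
    return NULL;
}

int proc_create(int uid)
{
    for (int i = 0; i < MAX_PROCS; i++)
        if (!procs[i].alive) {
            procs[i].alive = 1; procs[i].uid = uid; procs[i].nmaps = 0;
            return i;
        }
    return -1;
}

void proc_exit(int pi)
{
    struct proc *p = &procs[pi];
    for (int j = 0; j < p->nmaps; j++)
        p->maps[j]->refs--;           /* refs == 0 frees the slot */
    p->nmaps = 0;
    p->alive = 0;
}

/* mmap(MAP_ANON): refused (ENOMEM in a real kernel) if the uid's limit would be exceeded. */
int proc_mmap(int pi, size_t bytes, int shared)
{
    struct proc *p = &procs[pi];
    if (p->nmaps == MAX_MAPS || would_exceed(p->uid, bytes))
        return -1;
    struct mapping *m = mapping_alloc(bytes, shared);
    if (m == NULL)
        return -1;
    p->maps[p->nmaps++] = m;
    return 0;
}

/* fork(): private mappings are copied and charged again (no copy-on-write
 * credit, conservative); shared mappings only gain a reference. */
int proc_fork(int parent)
{
    const struct proc *pp = &procs[parent];
    size_t extra = 0;
    for (int j = 0; j < pp->nmaps; j++)
        if (!pp->maps[j]->shared)
            extra += pp->maps[j]->bytes;
    if (would_exceed(pp->uid, extra))
        return -1;
    int ci = proc_create(pp->uid);
    if (ci < 0)
        return -1;
    struct proc *cp = &procs[ci];
    for (int j = 0; j < pp->nmaps; j++) {
        struct mapping *m = pp->maps[j];
        if (m->shared) {
            m->refs++;
        } else if ((m = mapping_alloc(m->bytes, 0)) == NULL) {
            proc_exit(ci);
            return -1;
        }
        cp->maps[cp->nmaps++] = m;
    }
    return ci;
}

/* setuid(): nothing to move explicitly; the process's mappings are now
 * attributed to the new uid by uid_usage(). Enforcement stays at mmap(). */
void proc_setuid(int pi, int newuid) { procs[pi].uid = newuid; }
```

With a shared anonymous mapping of 64 bytes created by a uid-0 process, forked, and the child then switching to uid 1 (limit 100), both uids show 64 in use; the child can add 30 private bytes but not 40, and a further fork of the child fails because the private copy would push uid 1 to 124.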