On Thu, 2007-06-14 at 13:58 -0700, Ollie Wild wrote:

>   A good heuristic, though, might be to limit
> argument size to a percentage (say 25%) of maximum stack size and
> validate this inside copy_strings().

This seems to do:


Signed-off-by: Peter Zijlstra <[EMAIL PROTECTED]>
---
 fs/exec.c |   17 +++++++++++++++++
 1 file changed, 17 insertions(+)

Index: linux-2.6-2/fs/exec.c
===================================================================
--- linux-2.6-2.orig/fs/exec.c  2007-06-15 11:05:09.000000000 +0200
+++ linux-2.6-2/fs/exec.c       2007-06-15 11:05:18.000000000 +0200
@@ -199,6 +199,23 @@ static struct page *get_arg_page(struct 
        if (ret <= 0)
                return NULL;
 
+       if (write) {
+               struct rlimit *rlim = current->signal->rlim;
+               unsigned long size = bprm->vma->vm_end - bprm->vma->vm_start;
+
+               /*
+                * Limit to 1/4-th the stack size for the argv+env strings.
+                * This ensures that:
+                *  - the remaining binfmt code will not run out of stack space,
+                *  - the program will have a reasonable amount of stack left
+                *    to work from.
+                */
+               if (size > rlim[RLIMIT_STACK].rlim_cur / 4) {
+                       put_page(page);
+                       return NULL;
+               }
+       }
+
        return page;
 }
 
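Review bot: the new `if (size > rlim[RLIMIT_STACK].rlim_cur / 4)` test in get_arg_page() has no lower bound. If the soft stack limit is below four pages, the quotient is smaller than one page, and because `size` is the whole span `vm_end - vm_start` of the argument vma, the first written page already exceeds it and every exec fails. Consider clamping the limit to a small fixed minimum, and say in the comment what happens at the other extreme: when rlim_cur is RLIM_INFINITY the quotient is still enormous, so this check places no practical bound on argv+env. Two smaller points: the failure path returns NULL exactly like the `ret <= 0` path above it, so the caller cannot tell "arguments too large" from a page fault failure and the changelog should state which error user space ends up seeing; and the test runs only after the page has already been obtained, so it rejects the growth after the fact rather than before it.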

