Re: [PATCH v3 00/15] exec: Use sane stack rlimit under secureexec

2017-07-18 Thread Kees Cook
On Tue, Jul 18, 2017 at 8:22 PM, Serge E. Hallyn wrote: > On Tue, Jul 18, 2017 at 03:25:21PM -0700, Kees Cook wrote: >> This series has grown... :P >> >> As discussed with Linus and Andy, we need to reset the stack rlimit >> before we do memory layouts when execing a

Re: [PATCH v3 00/15] exec: Use sane stack rlimit under secureexec

2017-07-18 Thread Kees Cook
On Tue, Jul 18, 2017 at 8:22 PM, Serge E. Hallyn wrote: > On Tue, Jul 18, 2017 at 03:25:21PM -0700, Kees Cook wrote: >> This series has grown... :P >> >> As discussed with Linus and Andy, we need to reset the stack rlimit >> before we do memory layouts when execing a privilege-gaining (e.g. >>

Re: [PATCH v3 00/15] exec: Use sane stack rlimit under secureexec

2017-07-18 Thread Serge E. Hallyn
On Tue, Jul 18, 2017 at 03:25:21PM -0700, Kees Cook wrote: > This series has grown... :P > > As discussed with Linus and Andy, we need to reset the stack rlimit > before we do memory layouts when execing a privilege-gaining (e.g. > setuid) program. To do this, we need to know the results of the >

Re: [PATCH v3 00/15] exec: Use sane stack rlimit under secureexec

2017-07-18 Thread Serge E. Hallyn
On Tue, Jul 18, 2017 at 03:25:21PM -0700, Kees Cook wrote: > This series has grown... :P > > As discussed with Linus and Andy, we need to reset the stack rlimit > before we do memory layouts when execing a privilege-gaining (e.g. > setuid) program. To do this, we need to know the results of the >

Re: [PATCH v3 00/15] exec: Use sane stack rlimit under secureexec

2017-07-18 Thread Linus Torvalds
On Tue, 18 Jul 2017, Kees Cook wrote: > > This series has grown... :P Hmm. It may be bigger, but I like it a lot better. Each step now looks fairly obvious and is well documented. I don't love the timing of it, but I think I'd be willing to just pull this in before rc2 as a "we need to do

Re: [PATCH v3 00/15] exec: Use sane stack rlimit under secureexec

2017-07-18 Thread Linus Torvalds
On Tue, 18 Jul 2017, Kees Cook wrote: > > This series has grown... :P Hmm. It may be bigger, but I like it a lot better. Each step now looks fairly obvious and is well documented. I don't love the timing of it, but I think I'd be willing to just pull this in before rc2 as a "we need to do

[PATCH v3 00/15] exec: Use sane stack rlimit under secureexec

2017-07-18 Thread Kees Cook
This series has grown... :P As discussed with Linus and Andy, we need to reset the stack rlimit before we do memory layouts when execing a privilege-gaining (e.g. setuid) program. To do this, we need to know the results of the bprm_secureexec hook before memory layouts. As it turns out, this can

[PATCH v3 00/15] exec: Use sane stack rlimit under secureexec

2017-07-18 Thread Kees Cook
This series has grown... :P As discussed with Linus and Andy, we need to reset the stack rlimit before we do memory layouts when execing a privilege-gaining (e.g. setuid) program. To do this, we need to know the results of the bprm_secureexec hook before memory layouts. As it turns out, this can