Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / 712f4aad406bb1ed67f3f98d04c044191f0ff593
commit712f4aad406bb1ed67f3f98d04c044191f0ff593[log] [tgz]
authorwilly tarreau <w@1wt.eu>Sun Jan 10 07:54:56 2016 +0100
committerDavid S. Miller <davem@davemloft.net>Mon Jan 11 00:05:30 2016 -0500
treeee2f45594b6acfc83a69988a914b9fe15d6e4367
parent3e4006f0b86a5ae5eb0e8215f9a9e1db24506977 [diff]
unix: properly account for FDs passed over unix sockets

It is possible for a process to allocate and accumulate far more FDs than
the process' limit by sending them over a unix socket then closing them
to keep the process' fd count low.

This change addresses this problem by keeping track of the number of FDs
in flight per user and preventing non-privileged processes from having
more FDs in flight than their configured FD limit.

Reported-by: socketpair@gmail.com
Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Mitigates: CVE-2013-4312 (Linux 2.0+)
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
3 files changed
tree: ee2f45594b6acfc83a69988a914b9fe15d6e4367
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .get_maintainer.ignore
  24. .gitignore
  25. .mailmap
  26. COPYING
  27. CREDITS
  28. Kbuild
  29. Kconfig
  30. MAINTAINERS
  31. Makefile
  32. README
  33. REPORTING-BUGS