git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/commit

author	willy tarreau <w@1wt.eu>
	Sun, 10 Jan 2016 06:54:56 +0000 (07:54 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 31 Jan 2016 19:28:59 +0000 (11:28 -0800)
commit	5e226f9689d90ad8ab21b4a969ae3058777f0aff
tree	24c3995b5a3a0e714cae42b78a30eb4798f547ce	tree
parent	3767d554c088e1e8e4680c69d57c31e000dd7dec	commit \| diff

unix: properly account for FDs passed over unix sockets

[ Upstream commit 712f4aad406bb1ed67f3f98d04c044191f0ff593 ]

It is possible for a process to allocate and accumulate far more FDs than
the process' limit by sending them over a unix socket then closing them
to keep the process' fd count low.

This change addresses this problem by keeping track of the number of FDs
in flight per user and preventing non-privileged processes from having
more FDs in flight than their configured FD limit.

Reported-by: socketpair@gmail.com
Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Mitigates: CVE-2013-4312 (Linux 2.0+)
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

include/linux/sched.h		diff \| blob \| blame \| history
net/unix/af_unix.c		diff \| blob \| blame \| history
net/unix/garbage.c		diff \| blob \| blame \| history