diff options
author | Colin Walters <walters@verbum.org> | 2013-09-23 17:06:05 -0400 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2013-09-24 09:35:48 -0400 |
commit | 5d23708442b16138b800a4e4e9daf20eda50ba46 (patch) | |
tree | d731aaa7579a46a30880eef3e36647797ad6515f | |
parent | 9d4ac4e39c64eaf23f90c28fc97ac426d809c33d (diff) | |
download | linux-user-chroot-baserock/larswirzenius/update-to-master.tar.gz |
Bump up bind mount limit to 1024baserock/larswirzenius/update-to-master
The Baserock people were hitting up against the limit of 50, which as
the newly added comment says isn't really effective against DoS
anyways, so let's just bump it up significantly.
Tested-by: Lars Wirzenius <lars.wirzenius@codethink.co.uk>
-rw-r--r-- | src/linux-user-chroot.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/src/linux-user-chroot.c b/src/linux-user-chroot.c index 6cac578..8b8700d 100644 --- a/src/linux-user-chroot.c +++ b/src/linux-user-chroot.c @@ -54,6 +54,16 @@ #define PR_SET_NO_NEW_PRIVS 38 #endif +/* Totally arbitrary; we're just trying to mitigate somewhat against + * DoS attacks. In practice uids can typically spawn multiple + * processes, so this isn't effective. What is needed is for the + * kernel to understand we're creating bind mounts on behalf of a + * given uid. Most likely this will happen if the kernel obsoletes + * this tool by allowing processes with PR_SET_NO_NEW_PRIVS to create + * private mounts or chroot. + */ +#define MAX_BIND_MOUNTS 1024 + static void fatal (const char *message, ...) __attribute__ ((noreturn)) __attribute__ ((format (printf, 1, 2))); static void fatal_errno (const char *message) __attribute__ ((noreturn)); @@ -145,7 +155,7 @@ main (int argc, gid_t rgid, egid, sgid; int after_mount_arg_index; unsigned int n_mounts = 0; - const unsigned int max_mounts = 50; /* Totally arbitrary... */ + const unsigned int max_mounts = MAX_BIND_MOUNTS; char **program_argv; MountSpec *bind_mounts = NULL; MountSpec *bind_mount_iter; |