Systemd: Even Torvalds Is Afraid!

Christopher Howard

From Linus Torvalds
Date Thu, 6 Jul 2017 09:34:14 -0700
Subject Re: [RFC][PATCH] exec: Use init rlimits for setuid exec

On Wed, Jul 5, 2017 at 9:32 PM, Kees Cook <[email protected]> wrote:
> In an attempt to provide sensible rlimit defaults for setuid execs, this
> inherits the namespace's init rlimits:

Yeah, so I have to admit to hating this patch.
As already mentioned by others, it's not only not clear that we want to do this on every setuid exec, it's also not clear that init is the right source of limits, or even which limits we'd want to copy.
I can easily see init doing a rlimit for its own use, and then when it goes through the fork/exec process does it set up some other rlimit for what it is going to run. You'd presumably want that for any non-system thing, so it's actually fairly natural to do it for system things too, so it's not at all obvious that "init" itself would run with some generic "system limits".
So to me this feels like a bad hack that was brought on by this particular attack.

I'd much rather see something like
(a) minimal: just use our existing default stack (and stack _only_) limit value for suid binaries that actually get extra permissions: {_STK_LIM, RLIM_INFINITY }.
or
(b) fancier: per-namespace defaults that can be explicitly set by something, and enabled individually.
or
(c) perhaps encourage people to annotate their suid binaries with initial resource requirements (and for stack, I mean the existing GNU_STACK ELF annotation in particular).

For an example of (a), that existing _STK_LIM define is what the kernel defaults to, and it's an 8MB stack. And looking at my Fedora install, I see that the default user rlimit is 8MB for the stack.
Is that just coincidence, or is that just a sign of "nobody ever even modifies the default value"? So (a) feels like "nobody really cares, and 8MB is fine, and nobody even bothers changing it - just do the minimal thing".
As to (b), we could just have that whole INIT_RLIMITS per-namespace, but only enable the stack limit by default. But then system admins could change those limits and enable/disable individual rlimits to be used by suid binaries. That feels like the "give the admin tools"
And (c) would be the sane option, and what we already do for things like GNU_STACK to enable/disable executable stacks. It really feels like allowing the GNU_STACK segment to contain stack rlimit override information would be the perfect tool for binaries to say "Yeah, I need more stack than _STK_LIM".
So I see many different approaches (that could be combined: I like combining (a) and (c), for example), and absolutely none of them involve the random "take some values from init".
And yes, a large part of this may be that I no longer feel like I can trust "init" to do the sane thing. You all presumably know why.

Based Torvalds speak the word about systemd.

https://lists.dyne.org/lurker/message/20170710.142032.05d6acec.en.html
https://lkml.org/lkml/2017/7/6/577
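
Options (a) and (c) from the quoted mail, as an added example that is not from the thread or the kernel: it reads the PT_GNU_STACK program header of an ELF64 image (Linux `<elf.h>`) and applies a hypothetical policy of 8MB unless the binary requests more. Carrying the request in `p_memsz`, and the names `read_gnu_stack`, `suid_stack_limit` and `SAMPLE`, are assumptions of this example.

```c
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STK_LIM_DEFAULT (8ULL << 20) /* the 8MB _STK_LIM default quoted in the mail */
struct gnu_stack { int present, exec_stack; uint64_t memsz; };

/* Constructed sample: ELF64 header plus one PT_GNU_STACK header asking for 16MB. */
static const struct { Elf64_Ehdr eh; Elf64_Phdr ph; } SAMPLE = {
    { .e_ident = { ELFMAG0, ELFMAG1, ELFMAG2, ELFMAG3, ELFCLASS64 },
      .e_phoff = sizeof(Elf64_Ehdr), .e_phentsize = sizeof(Elf64_Phdr), .e_phnum = 1 },
    { .p_type = PT_GNU_STACK, .p_flags = PF_R | PF_W, .p_memsz = 16ULL << 20 },
};

/* Locate PT_GNU_STACK in an in-memory ELF64 image; returns -1 if malformed. */
int read_gnu_stack(const unsigned char *img, size_t len, struct gnu_stack *out)
{
    Elf64_Ehdr eh;
    Elf64_Phdr ph;
    memset(out, 0, sizeof(*out));
    if (len < sizeof(eh)) return -1;
    memcpy(&eh, img, sizeof(eh));
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) || eh.e_ident[EI_CLASS] != ELFCLASS64 ||
        eh.e_phentsize != sizeof(ph)) return -1;
    for (uint64_t i = 0; i < eh.e_phnum && !out->present; i++) {
        uint64_t off = eh.e_phoff + i * sizeof(ph);
        if (off < eh.e_phoff || off > len || len - off < sizeof(ph)) return -1;
        memcpy(&ph, img + off, sizeof(ph));
        if (ph.p_type != PT_GNU_STACK) continue;
        out->present = 1;
        out->exec_stack = (ph.p_flags & PF_X) != 0; /* executable stack requested */
        out->memsz = ph.p_memsz; /* assumption: would carry the requested stack size */
    }
    return 0;
}

/* Hypothetical policy combining (a) and (c): 8MB unless the binary asks for more. */
uint64_t suid_stack_limit(const struct gnu_stack *gs)
{
    return (gs->present && gs->memsz > STK_LIM_DEFAULT) ? gs->memsz : STK_LIM_DEFAULT;
}

int main(void)
{
    struct gnu_stack gs;
    if (read_gnu_stack((const unsigned char *)&SAMPLE, sizeof(SAMPLE), &gs)) return 1;
    printf("stack limit: %llu\n", (unsigned long long)suid_stack_limit(&gs));
    return 0;
}
```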

Dylan Martinez

Linus tells RedHat and Pottfag to fork Linux and fuck off
Linux 5.0 released with glorious SysV back in control
Other distros that don't want to rely on Pottering ditch systemaiDz and return back to
RedHat/CIA plans of controlling Linux foiled once again
mfw

Logan Baker

Linus tells RedHat to fork Linux and fuck off
Linus tells his largest contributor and funder to fuck off
y-you're delusional a-a-a-a-anon-san
Linux 5.0 released with glorious SysV back in control
Implying the kernel contains the init system
Oh he meant "Linux" as a distro
i-it's called GNU/Linux b-b-b-baka!
RedHat/CIA
not NSA
foiled once again
again
implying someone who funds 99% of kernel development can have their plans foiled
y-y-y-you aren't serious r-r-right a-anon-san?

Gabriel Brown

Torvalds is surprisingly nice for now.
I wonder when Lennart will an hero himself because Linus call his software trash and that he should have never been born.
Reminder that Torvalds is the most based Swedish guy that we know.
RedHat/CIA plans of controlling Linux foiled once again
mfw we came back with more freedom
(pic2)

y-y-y-you aren't serious
Says the loli role player.

Samuel Young

Says the loli role player.
d-d-d-d-d-d-d-d-d-d-discriminating a-a-against me b-b-because of my s-s-stutter is n-n-not an a-a-argument!!!

Brody Taylor

But sysv init is shit user. Use runit.

Connor Green

But runit is unmaintained, use s6.

Dylan Jackson

It doesn't need to be actively maintained. Runit is tiny and very reliable.

Jordan Clark

Well, as long as it works in the next 10 or 20 years the same way it does now, I guess it's fine.

Juan Walker

I disagree with some of the stuff in the s6 "why another supervision suite" but I am interested in it not using the heap for its supervision processes. I'm a big proponent of essential system services doing things like that, only allocating once at startup all they'll ever need, etc. Increases reliability should available memory become low.

Jaxson Barnes

You faggots have no idea what the context of this LKML thread even is. Torvalds has already spoken about systemd and doesn't really mind it.

Dominic Harris

It's too bad there's no better alternative.

Alexander Rivera

/thread

Jose Martin

inb4 Linus writes his own init in a week

Gabriel Rivera

Everything else already exists.

James Watson

Linus is not Swedish you dingus.

Austin Ortiz

the guy is from finland
swedish

Wyatt Adams

Ameritards don't know Swedes are a significant minority in Finland, which is officially a bilingual country.

Eli Gomez

They're not swedes muricunt, they're finlandsvenskare aka finnish swedes. It's big difference, I know a lot of them and half of them don't even speak swedish as their mother tongue.

Hunter Evans

the guy is from finland
swedish
en.wikipedia.org/wiki/Swedish-speaking_population_of_Finland
aka PURE CANCER
fucking wanna-be jews

Samuel Foster

It's time to abandon this retard populated board.

Benjamin Martinez

Inb4 links writes his own compiler
Oh wait, he's a nigger

Jaxon Allen

muh safe space
try Something Awful / Reddit

Zachary Brown

No matter where you go, you will always find Finns that get triggered by any mention of Swedes, especially Fenno-Swedes. For good fucking reason.
