From 5d23708442b16138b800a4e4e9daf20eda50ba46 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Mon, 23 Sep 2013 17:06:05 -0400 Subject: Bump up bind mount limit to 1024 The Baserock people were hitting up against the limit of 50, which as the newly added comment says isn't really effective against DoS anyways, so let's just bump it up significantly. Tested-by: Lars Wirzenius --- src/linux-user-chroot.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/linux-user-chroot.c b/src/linux-user-chroot.c index 6cac578..8b8700d 100644 --- a/src/linux-user-chroot.c +++ b/src/linux-user-chroot.c @@ -54,6 +54,16 @@ #define PR_SET_NO_NEW_PRIVS 38 #endif +/* Totally arbitrary; we're just trying to mitigate somewhat against + * DoS attacks. In practice uids can typically spawn multiple + * processes, so this isn't effective. What is needed is for the + * kernel to understand we're creating bind mounts on behalf of a + * given uid. Most likely this will happen if the kernel obsoletes + * this tool by allowing processes with PR_SET_NO_NEW_PRIVS to create + * private mounts or chroot. + */ +#define MAX_BIND_MOUNTS 1024 + static void fatal (const char *message, ...) __attribute__ ((noreturn)) __attribute__ ((format (printf, 1, 2))); static void fatal_errno (const char *message) __attribute__ ((noreturn)); @@ -145,7 +155,7 @@ main (int argc, gid_t rgid, egid, sgid; int after_mount_arg_index; unsigned int n_mounts = 0; - const unsigned int max_mounts = 50; /* Totally arbitrary... */ + const unsigned int max_mounts = MAX_BIND_MOUNTS; char **program_argv; MountSpec *bind_mounts = NULL; MountSpec *bind_mount_iter; -- cgit v1.2.1