setrlimit can unlimit CPU by setting to 0 seconds in some cases
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Debian |
Fix Released
|
Unknown
|
|||
linux-source-2.6.15 (Ubuntu) |
Fix Released
|
Low
|
Kees Cook | ||
linux-source-2.6.17 (Ubuntu) |
Won't Fix
|
Low
|
Kees Cook | ||
linux-source-2.6.20 (Ubuntu) |
Fix Released
|
Low
|
Kees Cook |
Bug Description
Binary package hint: linux-source-2.6.20
Copy-paste of a reply I gave to the user who discovered this problem, on the zsh-users mailing list (not yet in the archive):
David Peer wrote:
> > If the user run: ulimit -t 0, he can run jobs without any cputime
> > limitation:
This sounds more like a kernel problem to me than a zsh bug. I get the
same behavior on my Ubuntu 7.04 (beta) system, in _bash_.
I note that getrlimit(2) says:
In 2.6.x kernels before 2.6.17, a RLIMIT_CPU limit of 0 is wrongly
treated as "no limit" (like RLIM_INFINITY). Since kernel 2.6.17, set‐
ting a limit of 0 does have an effect, but is actually treated as a
limit of 1 second.
However, I'm running 2.6.20(
symptom.
CVE References
Changed in linux-source-2.6.15: | |
assignee: | nobody → keescook |
status: | New → In Progress |
Changed in linux-source-2.6.17: | |
assignee: | nobody → keescook |
Changed in linux-source-2.6.15: | |
importance: | Undecided → Low |
Changed in linux-source-2.6.17: | |
importance: | Undecided → Low |
Changed in linux-source-2.6.20: | |
importance: | Undecided → Low |
Changed in linux-source-2.6.15: | |
status: | In Progress → Fix Committed |
Changed in linux-source-2.6.20: | |
status: | In Progress → Fix Committed |
Another response, clarifying the issue. I was incorrect about the mail-list archive: it's on zsh-workers, not -users: www.zsh. org/mla/ workers/ 2007/msg00200. html
http://
> Works as I'd expect from your man page quote here:
>
> $ time zsh -c 'ulimit -t 0; while :; do :; done'
> zsh: cpu limit exceeded zsh -c 'ulimit -t 0; while :; do :; done'
> zsh -c 'ulimit -t 0; while :; do :; done' 0.72s user 0.28s system 95% cpu 1.050 total
> $ time bash -c 'ulimit -t 0; while :; do :; done'
> zsh: killed bash -c 'ulimit -t 0; while :; do :; done'
> bash -c 'ulimit -t 0; while :; do :; done' 1.00s user 0.00s system 95% cpu 1.047 total
> $ uname -a
> Linux sc.homeunix.net 2.6.21-rc4 #1 PREEMPT Sun Mar 25 15:39:31 BST 2007 i686 GNU/Linux
> ~$ uname -rs
> Linux 2.6.21-rc4
Yes, I get those same results. However, in an interactive shell:
% ulimit -t 0
% ( ulimit -t; while :; do :; done )
0
<< watch the CPU time used climb in top >>
^C
%
...
% ulimit -Ht 0
% ( ulimit -t; while :; do :; done )
0
zsh: killed (; ulimit -t; while :; do; :; done; )
%
My first thought was: is zsh blocking SIGXCPU in some circumstances? But
killing the process with kill -XCPU worked fine.
It therefore appears that while the man page is correct for hard limits,
soft limits of 0 are still treated as unlimited.