ChangeSet@1.1136.73.2  2003-12-02 11:58:06-02:00  neilb at unsw.edu.au
[PATCH] Make root a special case for per-user process limits.

This is needed because when a setuid-root program calls
setuid(0) to become really-root, p->user becomes root_user,
but ->rlim stays as the original user's limit, and now
the process cannot fork - becuase root has more processes than
the original user had.

The real problem is that NPROC is not really a per-process limit,
but its a per-user limit, and including it with the rlim structure
was not a good idea :-(

This fix is already in 2.6


--- linux-2.4.23/kernel/fork.c.orig	Tue Dec  9 00:38:16 2003
+++ linux-2.4.23/kernel/fork.c	Tue Dec  9 00:38:59 2003
@@ -669,6 +669,7 @@
 	 * than the amount of processes root is running. -- Rik
 	 */
 	if (atomic_read(&p->user->processes) >= p->rlim[RLIMIT_NPROC].rlim_cur
+	              && p->user != &root_user
 	              && !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE))
 		goto bad_fork_free;