Consider a file size ulimit/rlimit, set using something like:
ulimit -f 1000 # kilobytes of output files
All processes run from the above shell will be unable to write their
accounting file records (enabled with accton) if the size of the
accounting file is larger than the given file size limit.
This seems unintended. In fact, an intruder could purposefully set
a low file size limit to prevent process accounting and cover his/her
traces in the accounting log. (Or, someone could do it to avoid being
charged for system usage, etc.)
Same behaviour: 2.2.19 and 2.4.18-pre7
# cat /proc/version
Linux version 2.2.19-6.3mdk (root@updates.mandrakesoft.com) (gcc version
egcs-2.91.66 19990314/Linux (egcs-1.1.2 release)) #1 Thu Nov 15 15:17:52
MST 2001
# cat /proc/version
Linux version 2.4.18-pre7 (root@idallen-home) (gcc version 2.96 20000731
(Mandrake Linux 8.1 2.96-0.62mdk)) #13 Thu Jan 31 00:51:41 EST 2002
--
-IAN! Ian! D. Allen Ottawa, Ontario, Canada idallen@ncf.ca
Home Page on the Ottawa FreeNet: http://www.ncf.ca/~aa610/
College professor at: http://www.algonquincollege.com/~alleni/
Board Member, TeleCommunities CANADA http://www.tc.ca/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Feb 15 2002 - 21:00:50 EST