Securing a system with limits.conf

From: Lasse Kärkkäinen
Date: Sun Jul 26 2009 - 00:11:02 EST


I'm not sure if this is off-topic for linux-kernel but here it goes...

After doing some research (Googling, checking Hardening Linux, Essential System Administration and a number of other books) I was quite shocked that configuring the limits doesn't seem to be documented anywhere. Sure, they all list the information that can be acquired by ulimit -a or man limits.conf but those one-liner descriptions of options fail to describe:

- What does the setting actually limit (one can find what the data segment or a core file is by Googling but it would be nicer if the documentation listed the security implications of each setting).

- What is the scope of the limit: per-user, per-process, all descendants of the current process, ...?

- How should things be configured to reliably prevent non-privileged users from DoS'ing a machine.

Is there possibly some documentation that I have not found or is there actually a huge gap in the essential security documentation here?

Thanks.