Securing a system with limits.conf
From: Lasse Kärkkäinen
Date: Sun Jul 26 2009 - 00:11:02 EST
I'm not sure if this is off-topic for linux-kernel but here it goes...
After doing some research (Googling, checking Hardening Linux, Essential
System Administration and a number of other books) I was quite shocked
that configuring the limits doesn't seem to be documented anywhere.
Sure, they all list the information that can be acquired by ulimit -a or
man limits.conf but those oneliner descriptions of options fail to describe:
- What does the setting actually limit (one can find what the data
segment or a core file is by Googling but it would be nicer if the
documentation listed the security implications of each setting).
- What is the scope of the limit: per-user, per-process, all descendants
of the current process, ...?
- How should things be configured to reliably prevent non-priveleged
users from DoS'ing a machine.
Is there possibly some documentation that I have not found or is there
actually a huge gap in the essential security documentation here?
Thanks.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/