Securing a system with limits.conf
- From: Lasse Kärkkäinen <tronic+bpsk@xxxxxxxxxx>
- Date: Sun, 26 Jul 2009 07:10:41 +0300
I'm not sure if this is off-topic for linux-kernel but here it goes...
After doing some research (Googling, checking Hardening Linux, Essential System Administration and a number of other books) I was quite shocked that configuring the limits doesn't seem to be documented anywhere. Sure, they all list the information that can be acquired by ulimit -a or man limits.conf but those one-liner descriptions of options fail to describe:
- What does the setting actually limit (one can find what the data segment or a core file is by Googling but it would be nicer if the documentation listed the security implications of each setting).
- What is the scope of the limit: per-user, per-process, all descendants of the current process, ...?
- How should things be configured to reliably prevent non-privileged users from DoS'ing a machine?
Is there possibly some documentation that I have not found or is there actually a huge gap in the essential security documentation here?
Thanks.