| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 28 Jan 2009 15:46:08 -0600 From: Chris Adams <cmadams@...aay.net> To: linux-kernel@...r.kernel.org Subject: Re: [patch 016/104] epoll: introduce resource usage limits Once upon a time, Davide Libenzi <davidel@...ilserver.org> said: >I already gave you my opinion on such code. There is no need for it. If >your servers are loaded, in the same way you bump NFILES (and likely >even other default configs), you bump up max_user_instances: The flip side of that is this could just be added to the list of limits you set on a multi-user system if you don't want $LUSER to DoS your server (such as max procs, cpu time, virtual memory, etc.). I don't think this is a security issue on single-user systems or servers with only privileged access. Admins of multi-user systems are used to having to manage limits (see pam_limits for example). Admins of single-user or privileged servers (e.g. mail or non-shared web servers) are not for the most part (postfix doesn't open 1025 files in a single process). -- Chris Adams <cmadams@...aay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists