| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 28 Jan 2009 15:54:49 -0800 (PST) From: Davide Libenzi <davidel@...ilserver.org> To: Chris Adams <cmadams@...aay.net> cc: linux-kernel@...r.kernel.org Subject: Re: [patch 016/104] epoll: introduce resource usage limits On Wed, 28 Jan 2009, Chris Adams wrote: > Once upon a time, Davide Libenzi <davidel@...ilserver.org> said: > >I already gave you my opinion on such code. There is no need for it. If > >your servers are loaded, in the same way you bump NFILES (and likely > >even other default configs), you bump up max_user_instances: > > The flip side of that is this could just be added to the list of limits > you set on a multi-user system if you don't want $LUSER to DoS your > server (such as max procs, cpu time, virtual memory, etc.). I don't > think this is a security issue on single-user systems or servers with > only privileged access. > > Admins of multi-user systems are used to having to manage limits (see > pam_limits for example). Admins of single-user or privileged servers > (e.g. mail or non-shared web servers) are not for the most part (postfix > doesn't open 1025 files in a single process). It seems this is the most agreeable solution based on this thread replies. That is, leave it unbound, and offer limiting capabilities to multiuser sysadmins. - Davide -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists