lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.DEB.1.10.0901281551490.21401@alien.or.mcafeemobile.com>
Date:	Wed, 28 Jan 2009 15:54:49 -0800 (PST)
From:	Davide Libenzi <davidel@...ilserver.org>
To:	Chris Adams <cmadams@...aay.net>
cc:	linux-kernel@...r.kernel.org
Subject: Re: [patch 016/104] epoll: introduce resource usage limits

On Wed, 28 Jan 2009, Chris Adams wrote:

> Once upon a time, Davide Libenzi  <davidel@...ilserver.org> said:
> >I already gave you my opinion on such code. There is no need for it. If 
> >your servers are loaded, in the same way you bump NFILES (and likely 
> >even other default configs), you bump up max_user_instances:
> 
> The flip side of that is this could just be added to the list of limits
> you set on a multi-user system if you don't want $LUSER to DoS your
> server (such as max procs, cpu time, virtual memory, etc.).  I don't
> think this is a security issue on single-user systems or servers with
> only privileged access.
> 
> Admins of multi-user systems are used to having to manage limits (see
> pam_limits for example).  Admins of single-user or privileged servers
> (e.g. mail or non-shared web servers) are not for the most part (postfix
> doesn't open 1025 files in a single process).

It seems this is the most agreeable solution based on this thread replies. 
That is, leave it unbound, and offer limiting capabilities to multiuser 
sysadmins.



- Davide


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ