Message-ID: <4A6BD741.2070807@trn.iki.fi>
Date:	Sun, 26 Jul 2009 07:10:41 +0300
From:	Lasse Kärkkäinen <tronic+bpsk@....iki.fi>
To:	linux-kernel@...r.kernel.org
Subject: Securing a system with limits.conf

I'm not sure if this is off-topic for linux-kernel but here it goes...

After doing some research (Googling, checking Hardening Linux, Essential 
System Administration and a number of other books) I was quite shocked 
that configuring the limits doesn't seem to be documented anywhere. 
Sure, they all list the information that can be acquired by ulimit -a or 
man limits.conf but those one-liner descriptions of options fail to describe:

- What does the setting actually limit (one can find what the data 
segment or a core file is by Googling but it would be nicer if the 
documentation listed the security implications of each setting).

- What is the scope of the limit: per-user, per-process, all descendants 
of the current process, ...?

- How should things be configured to reliably prevent non-privileged 
users from DoS'ing a machine.

Is there possibly some documentation that I have not found or is there 
actually a huge gap in the essential security documentation here?

Thanks.