lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <1427925794-7060-1-git-send-email-pcarrier@twitter.com>
Date:	Wed,  1 Apr 2015 15:03:14 -0700
From:	Pierre Carrier <pcarrier@...tter.com>
To:	linux-kernel@...r.kernel.org
Cc:	Pierre Carrier <pcarrier@...tter.com>
Subject: [PATCH] RLIMIT_NOFILE: reflect the state of the world

The combination of outdated kernel defaults and lack of policies in
most init systems and init scripts has broken the Principle Of
Least Astonishment countless times, often leading to production
incidents.

One could argue that the vast majority of Linux users do not ever
benefit from such a low limit. As deployments that desire a low
RLIMIT_NOFILE are very few and hopefully maintained by engineers
competent enough to tweak their boot process accordingly,
let's make such enforcement opt-in.

---
Today is my birthday. My wish is to make the world a better place,
and sending this E-mail seems like a great way to do so.

 include/asm-generic/resource.h | 2 +-
 include/uapi/linux/fs.h        | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git include/asm-generic/resource.h include/asm-generic/resource.h
index 5e752b9..c435cf4 100644
--- include/asm-generic/resource.h
+++ include/asm-generic/resource.h
@@ -16,7 +16,7 @@
 	[RLIMIT_CORE]		= {              0,  RLIM_INFINITY },	\
 	[RLIMIT_RSS]		= {  RLIM_INFINITY,  RLIM_INFINITY },	\
 	[RLIMIT_NPROC]		= {              0,              0 },	\
-	[RLIMIT_NOFILE]		= {   INR_OPEN_CUR,   INR_OPEN_MAX },	\
+	[RLIMIT_NOFILE]		= {  RLIM_INFINITY,  RLIM_INFINITY },	\
 	[RLIMIT_MEMLOCK]	= {    MLOCK_LIMIT,    MLOCK_LIMIT },	\
 	[RLIMIT_AS]		= {  RLIM_INFINITY,  RLIM_INFINITY },	\
 	[RLIMIT_LOCKS]		= {  RLIM_INFINITY,  RLIM_INFINITY },	\
diff --git include/uapi/linux/fs.h include/uapi/linux/fs.h
index 9b964a5..a69388f 100644
--- include/uapi/linux/fs.h
+++ include/uapi/linux/fs.h
@@ -22,8 +22,8 @@
 
 /* Fixed constants first: */
 #undef NR_OPEN
-#define INR_OPEN_CUR 1024	/* Initial setting for nfile rlimits */
-#define INR_OPEN_MAX 4096	/* Hard limit for nfile rlimits */
+#define INR_OPEN_CUR 1024	/* Deprecated: Initial setting for nfile rlimits */
+#define INR_OPEN_MAX 4096	/* Deprecated: Hard limit for nfile rlimits */
 
 #define BLOCK_SIZE_BITS 10
 #define BLOCK_SIZE (1<<BLOCK_SIZE_BITS)
-- 
2.3.5

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ