user limits for 'security'?

LA Walsh (law@sgi.com)
Mon, 25 Jun 2001 12:26:16 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: James Stevenson: "Re: all processes waiting in TASK_UNINTERRUPTIBLE state"
Previous message: Alan Shutko: "Re: sizeof problem in kernel modules"
Next in thread: LA Walsh: "Re: user limits for 'security'?"
Reply: LA Walsh: "Re: user limits for 'security'?"

I've seen some people saying that user-limits are an essential part of a
secure system to prevent local DoS attacks. Given that, should
a system call like 'fork' return -EPERM if the user has reached their
limit?

My local manpage (SuSE 7.2 system) says this under fork:

ERRORS
EAGAIN fork cannot allocate sufficient memory to copy the
parent's page tables and allocate a task structure
for the child.
-----
Should the man page be updated to reflect that EAGAIN is returned
when the user has reached their limit? From a user-monitoring point
of view, it might be security relevant to know if a EAGAIN is being
returned because the system really is low on resources or if it
is a user hitting their limit.

-- The above thoughts and | I know I don't know the opinions writings are my own. | of every part of my company. :-) L A Walsh, law at sgi.com | Sr Eng, Trust Technology 01-650-933-5338 | Core Linux, SGI

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

Next message: James Stevenson: "Re: all processes waiting in TASK_UNINTERRUPTIBLE state"
Previous message: Alan Shutko: "Re: sizeof problem in kernel modules"
Next in thread: LA Walsh: "Re: user limits for 'security'?"
Reply: LA Walsh: "Re: user limits for 'security'?"