* Jim B said: > On Tue, 11 Jan 2000, Marek Habersack wrote: > > > And the pam_limits 'as' + 'rss' + 'data' + 'memlock' + 'stack' parameters? > > They all give you fine-grained control over the user's memory. > > OK, you're right. I had tried some of the PAM limits previously (one at a > time) and none of them alone was sufficient to restrict an account's > memory usage from devouring the machine using a particular exploit I'd > gotten hold of. At the same time, restricting the user's "virtual memory" The 'virtual memory' is a quite broad term as you can see :))))
> (ulimit -v) was able to stop the exploit, while none of the other ulimit > options did. Therefore I thought I was unable to limit the max vmem using > PAM. Thank you for pointing out to me that I can. :) My pleasure :) > One last thing... the original question also was, "how do slackware and > RedHat set the max vmem usage without using ulimit, /etc/limits, or PAM?" > Would you happen to know this off-hand? I thought maybe it was compiled > into the login binary but I downloaded the source and their patches and > didn't see any reference to it. Friends of mine have a slack 7 and an RH6 > box, RH has PAM enabled but no limits configured, while the slackware > machine has no /etc/limits, /etc/pam.d, or /etc/security. Yet when I log > in, my virtual memory limit is set to 2105343 KB. Is that something From a quick look, it's in the bash shell for those distributions. When I changed my shell on one RH 6.1 server I got unlimited memory. marek
pgp3ovjkk7d8V.pgp
Description: PGP signature