Well, that was about the least fun that I've had in a while. The magic numbers that I came up with that allowed me to log in to GDM, but not run Firefox, were:

root - stack unlimited
root - as unlimited
dbus - stack unlimited
dbus - as unlimited
gdm - as unlimited
gdm - stack unlimited
* - stack 262144
* - as 4194304

This doesn't appear to be a ratio and the system only had 4G RAM but anything but this pretty much tanked.

Any vendor driven advice would be great but I think it's going to be one of those "set to what your system needs" adventures.

Thanks,

Trevor

On Tue, Jun 20, 2017 at 11:16 AM, Trevor Vaughan <[email protected]> wrote:

> Like most everyone, I'm running around trying to prevent Stack Clash types
> of issues from happening in the future.
>
> The most 'general purpose' way of doing this is to set the Address Space
> and Stack limits in pam_limits.
>
> So, two questions:
>
> 1) What is a good, general purpose number to set these to? I figured that
> Red Hat would have a bunch of systems to sample....
>
> 2) Should these be included in the SSG?
>
> 3) Should the rest of these have nailed in defaults that make sense for
> most systems? This really should be something that people understand about
> their applications and/or can adjust to be larger on an as-needed basis.
>
> Thanks,
>
> Trevor
>
> --
> Trevor Vaughan
> Vice President, Onyx Point, Inc
> (410) 541-6699 x788
>
> -- This account not approved for unencrypted proprietary information --

--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699 x788

-- This account not approved for unencrypted proprietary information --
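An added example, not part of the original message or of the SSG: a small Python resolver that reads the entries listed in the message and reports the limit that applies to a given user, in bytes. It assumes the limits.conf(5) units for `stack` and `as` (KB), handles only user and `*` domains (no `@group` entries), and its function names and the user `alice` are hypothetical.

```python
# Entries as quoted in the message: <domain> <type> <item> <value>
LIMITS_CONF = """\
root  -  stack  unlimited
root  -  as     unlimited
dbus  -  stack  unlimited
dbus  -  as     unlimited
gdm   -  as     unlimited
gdm   -  stack  unlimited
*     -  stack  262144
*     -  as     4194304
"""

KB_ITEMS = {"stack", "as"}  # limits.conf(5) gives these two items in KB

def parse(text):
    """Return (domain, type, item, bytes-or-None) tuples; None = unlimited."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 4 or fields[1] not in ("-", "soft", "hard"):
            raise ValueError(f"malformed limits entry: {raw!r}")
        domain, ltype, item, value = fields
        if value in ("unlimited", "infinity", "-1"):
            limit = None
        else:
            limit = int(value) * (1024 if item in KB_ITEMS else 1)
        entries.append((domain, ltype, item, limit))
    return entries

def effective(entries, user, item, kind="hard"):
    """Limit for `user`: a user entry beats '*'; within a rank the last wins."""
    best = None
    for domain, ltype, it, limit in entries:
        if it != item or ltype not in ("-", kind):  # "-" sets soft and hard
            continue
        rank = 2 if domain == user else 1 if domain == "*" else 0
        if rank and (best is None or rank >= best[0]):
            best = (rank, limit)
    if best is None:
        raise LookupError(f"no {item} entry applies to {user}")
    return best[1]

if __name__ == "__main__":
    table = parse(LIMITS_CONF)
    for user in ("gdm", "alice"):  # "alice" is a constructed ordinary user
        print(user, effective(table, user, "stack"), effective(table, user, "as"))
```

For an ordinary user the wildcard lines resolve to a 256 MiB stack and a 4 GiB address space, while root, dbus and gdm stay unlimited.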
