Re: user limits for 'security'?

2001-06-25 Thread LA Walsh

I suppose another question related to the first, is 'limit' checking
part of the 'standard linux security' that embedded Linux users might
find to be a waste of precious code-space?

-l

--
The above thoughts and| I know I don't know the opinions
writings are my own.  | of every part of my company. :-)
L A Walsh, law at sgi.com | Sr Eng, Trust Technology
01-650-933-5338   | Core Linux, SGI



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



user limits for 'security'?

2001-06-25 Thread LA Walsh

I've seen some people saying that user-limits are an essential part of a
secure system to prevent local DoS attacks.  Given that, should
a system call like 'fork' return -EPERM if the user has reached their
limit?

My local manpage (SuSE 7.2 system) says this under fork:

ERRORS
       EAGAIN fork cannot allocate sufficient memory to copy the
              parent's page tables and allocate a task structure
              for the child.
-
Should the man page be updated to reflect that EAGAIN is returned
when the user has reached their limit?  From a user-monitoring point
of view, it might be security relevant to know if an EAGAIN is being
returned because the system really is low on resources or if it
is a user hitting their limit.

--
The above thoughts and| I know I don't know the opinions
writings are my own.  | of every part of my company. :-)
L A Walsh, law at sgi.com | Sr Eng, Trust Technology
01-650-933-5338   | Core Linux, SGI


