On Tue, Jan 18, 2000 at 02:42:12AM +0100, Dominik Kubla wrote:
> > the question is: why is this done at the app level, rather than enforced
> > by the kernel?
>
> They are. But since sshd is started with root-privileges (and root usually
> has no resource limits) this is almost certainly a bug in sshd not setting
> the appropriate resource levels for the user. Note that you can set some
i disagree emphatically. the *kernel* should disallow passing of the root
environment to any other user, under *all* circumstances.
it's about time you guys acknowledged that app programmers cannot be
trusted to do the right thing, and that security needs to be enforced at
the kernel level, as far as is possible. I don't believe this will add
great complexity to the kernel.
in fact, /etc/initscript can be used to accomplish adequate limit control,
but there is no way to specify individual users with it....it affects
all processes.
to say that the kernel is "enforcing" limits, when the *app* must initiate
the setrlimit call is totally bogus.
fractoid
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jan 23 2000 - 21:00:19 EST