grsecurity forums

Skip to content

Why is the process limit / fork-bomb protection gone?

Discuss and suggest new grsecurity features
Topic locked

Why is the process limit / fork-bomb protection gone?

Postby mcgege » Tue Aug 13, 2002 9:21 am

I recently updated from 1.9.4 to 1.9.6 and noticed the vanishing - why is it no more? I used this feature to restrict my users ... :P

GEGE
mcgege
 
Posts: 2
Joined: Tue Aug 13, 2002 9:03 am
Top

Postby spender » Tue Aug 13, 2002 5:49 pm

it could be implemented via PAM, it's easy to shoot up load in many other ways, and we support process-based resource restrictions in the ACL system.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
Top

Postby Himika » Thu Aug 15, 2002 4:16 am

I also noticed that very good features like ptrace restricting/logging and BSD-style coredumps are gone. I just wonder why.
Himika
 
Posts: 3
Joined: Thu Aug 15, 2002 4:11 am
Top

Postby spender » Thu Aug 15, 2002 10:43 am

bsd coredumps weren't security related, and the ptrace restrictions are done automatically in the ACL system.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
Top

Postby evilcartman » Thu Aug 15, 2002 6:13 pm

But not everyone uses ACLs...
evilcartman
 
Posts: 4
Joined: Fri Jul 05, 2002 5:24 am
Top
Topic locked

Return to grsecurity development

Powered by phpBB® Forum Software © phpBB Group