execve limiting


Post by Mr.Nobody » Wed Sep 17, 2003 10:20 am

Please answer: what is execve limiting in GRSecurity for?
Linux allows limiting the resources used by a process (via /etc/security/limits.conf), for example the number of processes (nproc). But what is the goal of checking resource limits on execve() calls (execve() doesn't create processes, so what is there to fear)?

Sorry for bad English.
Mr.Nobody
 
Posts: 10
Joined: Wed Jul 23, 2003 1:56 am

Post by Julien TINNES » Wed Sep 17, 2003 10:26 pm

Hello,

More exactly, the kernel can enforce rlimits; PAM can set rlimits and uses /etc/security/limits.conf on Debian.

Limiting resources with execve is useful for processes that do fork() before changing uid. For example, telnetd will do a fork as root, so it is not limited, then it changes uid and does execve.
Julien TINNES
 
Posts: 4
Joined: Tue Sep 09, 2003 7:47 pm
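
The case discussed in this thread, sketched in user space as an added example (not from the original posts and not grsecurity's code): once a daemon has forked as root and switched to the target uid, it counts that uid's processes and compares the count with RLIMIT_NPROC before execve. The function names, the /proc scan and the fail-closed policy are assumptions of this example.

```c
#include <ctype.h>
#include <dirent.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Count processes owned by uid by scanning /proc (Linux only).
 * Approximation: non-dumpable processes can show up as root-owned.
 * Returns -1 if /proc cannot be read. */
long count_uid_procs(uid_t uid)
{
    DIR *d = opendir("/proc");
    struct dirent *e;
    long n = 0;

    if (!d)
        return -1;
    while ((e = readdir(d)) != NULL) {
        char path[300];
        struct stat st;

        if (!isdigit((unsigned char)e->d_name[0]))
            continue;               /* only numeric entries are PIDs */
        snprintf(path, sizeof path, "/proc/%s", e->d_name);
        if (stat(path, &st) == 0 && st.st_uid == uid)
            n++;
    }
    closedir(d);
    return n;
}

/* Hypothetical exec-time policy: 1 = exec may proceed, 0 = refuse.
 * The caller already counts toward uid, so "over" means nprocs > limit.
 * uid 0 is exempt, as in the fork-as-root case; unknown count fails closed. */
int exec_allowed(uid_t uid, long nprocs, rlim_t limit)
{
    if (uid == 0 || limit == RLIM_INFINITY)
        return 1;
    return nprocs >= 0 && (rlim_t)nprocs <= limit;
}

int main(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NPROC, &rl) != 0)
        return 2;
    return exec_allowed(getuid(), count_uid_procs(getuid()), rl.rlim_cur) ? 0 : 1;
}
```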

