grsecurity forums


https://forums.grsecurity.net./

execve limiting

https://forums.grsecurity.net./viewtopic.php?f=3&t=552

Page 1 of 1

execve limiting

PostPosted: Wed Sep 17, 2003 10:20 am
by Mr.Nobody
Please answer: what for execve limiting in GRSecurity?
Linux allow to limit resources used by a process (via /etc/security/limits.conf) , for example - a number of processes (nproc). But what is the goal of checking of limitations on resources with execve() calls (execve() doesn't create processes - so what to fear?)?

Sorry for bad English.
:roll:

PostPosted: Wed Sep 17, 2003 10:26 pm
by Julien TINNES
Hello,

More exactly, the kernel can enforce rlimits, pam can set rlimits and uses /etc/security/limits.conf on debian.

Limitation on resource witch execve is usefull for processus doing fork() before changing uid. For exemple, telnetd will do a fork as root, so it is not limited, then it changes uid and doese execve.
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/