07-21-2006, 05:27 PM   #1
Registered: Apr 2004
Distribution: Debian -unstable
Posts: 700

This is the current output of `ulimit -a`:

```
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
max nice                        (-e) 20
file size               (blocks, -f) unlimited
pending signals                 (-i) unlimited
max locked memory       (kbytes, -l) unlimited
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) unlimited
max rt priority                 (-r) unlimited
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) unlimited
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
```
Now this looks wrong to me because .. well .. for starters .. I'm vulnerable to a fork bomb and probably other attacks.

I have a couple of questions:

#1. Where do you set the above limits? Can you only specify them on the command line and if so, will they "survive" a reboot?

#2. Could you recommend some limits please?

07-22-2006, 04:33 AM   #2
Registered: Jun 2005
Posts: 542

Obviously I would go for "max user processes". Set it to whatever value fits for you when you're under load and see how many of them are running looking at what top(1) says.

The next is "max locked memory". You can manage to bring down a Linux system by mmap()ing a large file and then calling mlock() on it. Fortunately, only the root user may call mlock().

The place to set limits should be /etc/security/limits.conf. It must exist in every Linux distribution as it uses PAM. Don't use /etc/profile or /etc/rc.local for that. The former may be skipped and the latter may apply to daemons started later.

Note: The stack size limit is too low. Raise it to 65536 at least. Memory limits aren't easy to come by. See "man getrlimit"
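
As an added example (not part of either post above): a small shell check that reads a file in the limits.conf rule format and reports whether a hard cap exists for the two limits named in the reply, max user processes (`nproc`) and max locked memory (`memlock`). The sample rules, their values and the function names are constructed for illustration; the lookup matches a literal domain only and does not model how pam_limits combines user, group and wildcard entries.

```shell
#!/bin/sh
# Added example: check a limits.conf-format file for hard caps on nproc/memlock.
# Rule format: <domain> <type> <item> <value>

# Constructed sample rules (values are illustrative, not recommendations).
sample_limits() {
cat <<'EOF'
# <domain> <type> <item>   <value>
*          soft   nproc    256
*          hard   nproc    512
*          hard   memlock  64
@admin     hard   nproc    unlimited
EOF
}

# hard_limit ITEM DOMAIN < FILE
# Prints the hard value of the last rule matching ITEM and the literal DOMAIN,
# or "unset". Type "-" counts because it sets both soft and hard limits.
hard_limit() {
    awk -v item="$1" -v dom="$2" '
        NF < 4 || $1 ~ /^#/ { next }
        $1 == dom && ($2 == "hard" || $2 == "-") && $3 == item { v = $4 }
        END { print (v == "" ? "unset" : v) }'
}

# audit FILE DOMAIN
# Returns non-zero when nproc or memlock has no finite hard cap.
audit() {
    rc=0
    for item in nproc memlock; do
        v=$(hard_limit "$item" "$2" < "$1")
        case $v in
            unset|unlimited|infinity|-1) echo "WARN $2 $item=$v"; rc=1 ;;
            *) echo "ok   $2 $item=$v" ;;
        esac
    done
    return "$rc"
}

f=$(mktemp) && sample_limits > "$f"
audit "$f" '*'
audit "$f" '@admin' || echo "no finite hard cap for @admin"
rm -f "$f"
```

To check a real system, pass `/etc/security/limits.conf` as the FILE argument to `audit` instead of the temporary sample file.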

