[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Jailkit-users] Prevent Fork Bombs on Jailed Python Interpreter
From: |
Gregory Piñero |
Subject: |
Re: [Jailkit-users] Prevent Fork Bombs on Jailed Python Interpreter |
Date: |
Sat, 27 Oct 2007 12:54:08 -0400 |
On 10/27/07, address@hidden <address@hidden> wrote:
> It is PAM that uses /etc/security/limits.conf. Important (check on your own
> system): Is the line containing limits.conf commented out in
> /etc/pam.d/login? If so, you should probably activate it. Also see the
> comment about /etc/security/limits.conf replacing /etc/limits, just in case
> you've configured the wrong file.
>
> --- snip from /etc/pam.d/login ---
> # Sets up user limits according to /etc/security/limits.conf
> # (Replaces the use of /etc/limits in old login)
> session required pam_limits.so
> --- snip ---
>
> There might still be a few oddities and uncertainties I can think of
> (without exploring them any further at the moment):
> - Is your openssh daemon set to use PAM authentication - check the ssh
> config file. If not, chances are limits.conf won't get used.
> - Does /pam.d/login also apply to non-interactive logins - and if so there
> might be a second configuration option for PAM to set non-interactive login
> limits. Your system might see "jailkit sessions" as non-interactive
> sessions.
>
softlimit is working great for me
(http://cr.yp.to/daemontools/softlimit.html) and it's a lot easier to
understand and configure :-)
So I don't think I'll pursue limits.conf. But for jailed SSH
sessions, etc, limits.conf is probably the way to go. But when
jk_chrootlaunch launches a program as a different user, is that
considered a non-interactive login? Or does no login happen at all
for that user?
-Greg
- [Jailkit-users] Prevent Fork Bombs on Jailed Python Interpreter, Gregory Piñero, 2007/10/25
- Re: [Jailkit-users] Prevent Fork Bombs on Jailed Python Interpreter, Olivier Sessink, 2007/10/25
- Re: [Jailkit-users] Prevent Fork Bombs on Jailed Python Interpreter, Gregory Piñero, 2007/10/25
- Re: [Jailkit-users] Prevent Fork Bombs on Jailed Python Interpreter, dev, 2007/10/25
- Re: [Jailkit-users] Prevent Fork Bombs on Jailed Python Interpreter, Gregory Piñero, 2007/10/25
- Re: [Jailkit-users] Prevent Fork Bombs on Jailed Python Interpreter, Gregory Piñero, 2007/10/25
- Re: [Jailkit-users] Prevent Fork Bombs on Jailed Python Interpreter, Gregory Piñero, 2007/10/26
- Re: [Jailkit-users] Prevent Fork Bombs on Jailed Python Interpreter, Olivier Sessink, 2007/10/26
- Re: [Jailkit-users] Prevent Fork Bombs on Jailed Python Interpreter, dev, 2007/10/27
- Re: [Jailkit-users] Prevent Fork Bombs on Jailed Python Interpreter,
Gregory Piñero <=
- Re: [Jailkit-users] Prevent Fork Bombs on Jailed Python Interpreter, Olivier Sessink, 2007/10/27