Reasonable limits may be enough to sharply curtail the damage caused by an exploit.įirst, setting RLIMIT_NPROC to zero means that the process cannot fork/exec a new process – an attacker cannot execute arbitrary code as the current user. A buffer overflow isn’t an abstract concern – they are real and often allow an attacker to execute arbitrary code. Second, attackers will take advantage of any opportunity they can find. Setting reasonable limits keeps a runaway process from taking down the system. Here’s some reading on why your applications would want to do this: įirst, people make mistakes. With it, you will not be able to use a stack size lower than ~4.5MB.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |