
Re: maximum number of processes on kernel 2.4.x

On Tue, 12 Mar 2002 21:03, Wayne Tucker wrote:
> On Tue, Mar 12, 2002 at 12:15:26PM +0100, Russell Coker wrote:
> > BTW, why exactly do you need to have so many root owned processes?
> >
> > Every root owned process is a potential security hole.  Is it possible to
> > make some of these things use non-root?
> The server is running CommuniGate Pro, which must be run as root.  I'm
> not particularly comfortable with the idea myself, but since the
> server is only doing email, then if somebody compromises the mail
> software, they have control over everything important that happens on
> the server anyhow.
> It looks like the real problem was actually the pam_limits module that
> is being loaded from the various pam.d configuration files.  It was

That's a bug.  A daemon should not be using pam unless it's for a user login. 
I presume it was more than just the POP server having a problem...

> doing a setrlimit(RLIMIT_NPROC, 256), which resulted in it not being
> able to perform the various setuid/setgid calls and whatnot and then
> spawn the login shell.

Also you can edit /etc/security/limits.conf to change the settings...

If you send email to me or to a mailing list that I use which has >4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.
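
The failure described in the quoted text, as an added example that is not part of the original message or of pam_limits: a process that inherits a low `RLIMIT_NPROC` can raise its soft limit back to the hard limit, and must check every privilege-drop call because `setuid()` can fail under that limit. The function names `cap_nproc`, `restore_nproc` and `drop_privs` are hypothetical, and lowering only the soft limit is an assumption made here so the change is reversible.

```c
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <unistd.h>

/* Lower the soft RLIMIT_NPROC, clamped to the hard limit.
 * Only the soft value changes, so the process can raise it again. */
int cap_nproc(rlim_t soft) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_NPROC, &rl) != 0)
        return -1;
    if (soft > rl.rlim_max)
        soft = rl.rlim_max;
    rl.rlim_cur = soft;
    return setrlimit(RLIMIT_NPROC, &rl);
}

/* Undo an inherited low soft limit by raising it to the hard limit. */
int restore_nproc(void) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_NPROC, &rl) != 0)
        return -1;
    rl.rlim_cur = rl.rlim_max;
    return setrlimit(RLIMIT_NPROC, &rl);
}

/* Drop to uid/gid, checking every call. Kernels before Linux 3.1 can fail
 * setuid() with EAGAIN when the target user is at its RLIMIT_NPROC; ignoring
 * that result leaves the process running as root.
 * Supplementary groups (setgroups) are left out to keep the focus on the limit. */
int drop_privs(uid_t uid, gid_t gid) {
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the change took effect rather than trusting the return code. */
    return (getuid() == uid && geteuid() == uid && getegid() == gid) ? 0 : -1;
}

int main(void) {
    struct rlimit rl;
    if (cap_nproc(256) != 0 || getrlimit(RLIMIT_NPROC, &rl) != 0)
        return 1;
    printf("soft nproc after cap: %llu\n", (unsigned long long)rl.rlim_cur);
    if (restore_nproc() != 0 || drop_privs(getuid(), getgid()) != 0) {
        perror("restore/drop");
        return 1;
    }
    return 0;
}
```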
