Re: security and the kernel (was Re: are limits bogus?)

From: Khimenko Victor (khim@sch57.msk.ru)
Date: Wed Jan 19 2000 - 11:17:24 EST


In <20000119010148.A414@cybercomm.net> kutek@cybercomm.net (kutek@cybercomm.net) wrote:
> On Tue, Jan 18, 2000 at 02:42:12AM +0100, Dominik Kubla wrote:
>> > the question is: why is this done at the app level, rather than enforced
>> > by the kernel?
>>
>> They are. But since sshd is started with root-privileges (and root usually
>> has no resource limits) this is almost certainly a bug in sshd not setting
>> the appropriate resource levels for the user. Note that you can set some

> I disagree emphatically. The *kernel* should disallow passing of the root
> environment to any other user, under *all* circumstances.

??? Then you cannot get any work done. There are quite a few things that can
be done only by root-owned processes.

> It's about time you guys acknowledged that app programmers cannot be
> trusted to do the right thing, and that security needs to be enforced at
> the kernel level, as far as is possible. I don't believe this will add
> great complexity to the kernel.

It's not possible at all, so I cannot understand what is being discussed here.

> In fact, /etc/initscript can be used to accomplish adequate limit control,
> but there is no way to specify individual users with it... it affects
> all processes.

Yes. You can set limits from sshd with PAM if you wish (you have sshd with PAM
support, right? :-) The kernel DOES NOT read configuration files. It never has,
and it never will. If you need such a kernel, switch to another OS.

> To say that the kernel is "enforcing" limits, when the *app* must initiate
> the setrlimit call, is totally bogus.

What do you want? The kernel does not have an embedded telepathy module. If you
need to enforce limits you SHOULD set them somehow, and it should be done BY
THE APPLICATION. What's wrong with that? Of course you can pass such limits on
the kernel command line (the only thing known to the kernel that does not come
from various applications), but that's the Wrong Thing(tm).

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
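The division of labour argued over in this thread, as an added example that is not part of the original message: the kernel enforces whatever rlimit a process carries, but a root-started service such as sshd has to call setrlimit() itself before switching to the user, and the child then inherits the limit across fork()/exec(). The RLIMIT_NOFILE value of 16 and the /dev/null probe are constructed for the demonstration.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* errno recorded by count_openable_fds() when the kernel refuses an open() */
int last_open_errno = 0;

/* What a privileged daemon must do itself before setuid(): tighten the
 * open-file limit. Only ever lowers the hard limit, never raises it. */
int apply_user_nofile_limit(rlim_t max_files)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0)
        return -1;
    if (max_files < rl.rlim_max)
        rl.rlim_max = max_files;
    rl.rlim_cur = rl.rlim_max;
    return setrlimit(RLIMIT_NOFILE, &rl);
}

/* Probe the limit: open /dev/null up to 'attempts' times (capped at 64) and
 * return how many opens the kernel allowed; the first failure's errno
 * (EMFILE at the limit) is left in last_open_errno. Closes what it opened. */
int count_openable_fds(int attempts)
{
    int fds[64], n = 0, i;
    last_open_errno = 0;
    if (attempts > 64)
        attempts = 64;
    while (n < attempts) {
        int fd = open("/dev/null", O_RDONLY);
        if (fd < 0) { last_open_errno = errno; break; }
        fds[n++] = fd;
    }
    for (i = 0; i < n; i++)
        close(fds[i]);
    return n;
}

/* Same probe run in a forked child: the limit set by the parent is inherited,
 * so the kernel enforces it there too. Returns the child's count, -1 on error. */
int child_openable_fds(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(count_openable_fds(64));
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

Call apply_user_nofile_limit(16) first and both probes report fewer than 16 successful opens, the parent's failing with EMFILE; without that call the kernel happily lets the process (and its children) keep root's inherited limits.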



This archive was generated by hypermail 2b29 : Sun Jan 23 2000 - 21:00:20 EST