I'm seeing a lot of the same comments here, so I'm just going to respond to this post, which seems to have some of the main points in it.

"And while testing things, I don't want the kernel telling me: "You are not allowed to spawn/fork another process, mate. Change the settings.""

You have just chosen usability over security. Sure, security is a balance between good usability and good security, however, I personally think that this is a bad place to make a compromise. How hard is it to bump up your limits, if required?

On the other hand, when you take the approach that everything is set to be as usable as possible, when you want to *secure* a machine, you have to spend weeks of research making sure you have all grounds covered, only to find out later that you missed some setting that leaves your system susceptible to attack.

I understand that you need keep a machine usable to some extent. But seriously. If you need to spawn more than a few hundred simultaneous processes, you're certainly a special case. I don't think it's unreasonable for you to be required to adjust the limits upward, and have a "sane" default.

"IMHO, most Distros set the limits, if set at all, to a really high value to avoid annoying users with error messages."

I'm sure you're right about this, I'm just stating that I disagree with the choice that was made.

"This leads back to my point, one has to know at least something about the system he/she is responsible for. Which can lead only to one conclusion: either they learn by mistake or they know beforehand."

I so agree with your point here; security is about good people, not good technology (I wrote an article about this). Unfortunately, 99% of the people using computers, and even a large number of system administrators, have a very shallow understanding of the way anything works. It's the responsibility of the developers to make sure that all of these people don't shoot themselves in the foot. In all honest, I wasn't even aware myself of how low the limits were on so many Linux systems, and I could have easily been in the same position as the administrator in my article was.

"Granted the kernel could take care of the issue, the question is, do we really want that?"

I don't think that it wouldn't hurt for the kernel to have some sort of sane limit. But in the end, this is just a question of usability versus security.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/308/30985#30985