Maybe I didn't stress enough that I agree that something has to be done, I therefore suggested a script to enforce secure settings. I really like the Solaris approach, there is a script covering the most important bases, the admin just has to run it. The script issues a warning about "increasing security, decreasing usability", its documentation clearly states what it does, thus enabling a less experienced admin to understand what happens and enabling him/her to tweak the settings on their own, if needed (the script is not perfect, but hey, it's a start).
And while I'm at it (dreaming about the perfect script, that is), it should, after asking the user of course, remove programs and services not needed for the intended use of the system, e.g. stop sendmail from accepting messages from the outside on a web-server.
Regarding casting this burden on the kernel. The fork/clone system call checks if the user-context does not exceed the set limits. They should be set accordingly, means to a sane value during installation. The question to be asked by the installation script should be worded like the questions asked during kernel configuration: "If you don't know what this means, accept the default."
Regarding "choosing usability over security". A built-in algorithm in the Kernel, stopping a user-context from forking based on system-load for example, could be used for a DOS-attack as well. The problem is a case of "do what I mean and not what I said."
my 2 cents
Erik


[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/308/30994#30994