Re: Openwall RLIMITS_NPROC patch as an LSM

From: Greg KH (gregat_private)
Date: Mon Oct 29 2001 - 17:26:26 PST


    On Mon, Oct 29, 2001 at 06:49:49PM -0600, Emily Ratliff wrote:
    > Hi,
    > 
    > Here is the Openwall RLIMITS_NPROC patch which adds enforcement of the
    > process limit check on execve as an LSM. This module does not stack, even
    > with the capabilities module. I've been talking to Greg K-H offline and
    > that is the way that he wants it. (He also asked for each logical unit of
    > the Openwall patch to be a separate module.) I plan to make it stack with
    > capabilities and the rest of the Openwall modules when they are completed.
    > This one is fairly trivial - there are 4 lines of Openwall code buried in
    > there somewhere. I am also including my test program. It forks up to the
    > limit and then execs a process. I think that the exec should fail with
    > nproc_plug loaded, but it doesn't. If I run the test program twice, the
    > second exec does fail. This tells me that the nproc_plug is functional. If
    > you are bored, I would be interested to hear where my code or my logic is
    > failing.
    > 
    > The rest of the Openwall modules will be forthcoming, probably all
    > together. Just wanted to get this one out today, since it was done, in
    > celebration of having received permission to contribute.
    
    Very nice.  Thanks for posting this.  Do you mind if it is added to the
    lsm tree for inclusion in the patch?
    
    thanks,
    
    greg k-h
    