Re: can't run as root with netbsd-5

To: Eric Haszlakiewicz <erh%nimenees.com@localhost>
Subject: Re: can't run as root with netbsd-5
From: David Laight <david%l8s.co.uk@localhost>
Date: Thu, 5 Mar 2009 22:00:13 +0000

On Wed, Mar 04, 2009 at 09:14:05PM -0600, Eric Haszlakiewicz wrote:
> 
> Sure enough, if I kill those I can login/su to root normally.  So it's
> definitely some problem with process limits.  The soft/hard limits appear
> to be 160/1044.  Are those supposed to apply to root owned processes?

IIRC the 1044 is an absolute system limit (kern.maxproc ?) and the
defaults allow any user to use all the processes!

The 160 shouldn't apply to root (certainly historically).
root can also increase the 'hard' limit above 1044 - but that won't
be any use unless the sysctl is also increased.

(The fd limits also allow non-root to use all the 'file' structures!)
(a nice local-user DoS attack)

        David

-- 
David Laight: david%l8s.co.uk@localhost

References:
- can't run as root with netbsd-5
  - From: Eric Haszlakiewicz
- Re: can't run as root with netbsd-5
  - From: Jasper Wallace
- Re: can't run as root with netbsd-5
  - From: Eric Haszlakiewicz

Prev by Date: Linker warnings with profiling
Next by Date: Re: rootfs on fxp remains broken for i386
Previous by Thread: Re: can't run as root with netbsd-5
Next by Thread: Re: can't run as root with netbsd-5
Indexes:

Home | Main Index | Thread Index | Old Index