Mailinglist Archive: opensuse-security (394 mails)

< Previous Next >
RE: [suse-security] Bugs on Kernel 2.4
  • From: Bob Vickers <bobv@xxxxxxxxxxxxx>
  • Date: Tue, 2 Dec 2003 10:10:30 +0000 (GMT)
  • Message-id: <Pine.OSF.4.58.0312021000230.10873@xxxxxxxxxxxxxxxxxxxxx>
Roman,

I'm rather uneasy about the suggested workround because if you use that
ulimit command it has no effect on the reported limit. e.g.

$ ulimit -v 2147483647
$ ulimit -v
unlimited

After some experiments I found that 4194303 works and 4194304 does not.
This corresponds to 4 GB which should be big enough for my purposes.

Of course, it may be that the limit is being set correctly and reported
wrongly but you can understand my concern.

I have verified that if root sets its shell ulimit to 4194303 and
restarts sshd then the new limit applies to new ssh sessions, which is good.

I'm using SuSE 8.2.

Bob

On Tue, 2 Dec 2003, Roman Drahtmueller wrote:

> >
> > Hi Edwin,
> >
> > This is my take and not offical. However,
> > a posting at Slashdot indicates that both SuSE and Redhat
> > are working on it.
> > http://developers.slashdot.org/developers/03/12/01/2133249.shtml?tid=106&tid=185&tid=90
> > The "newest kernels" apparently have already
> > solved the problem, so I expect that there will soon be a
> > SuSE patch.
> >
>
> Exactly. The SUSE LINUX 9.0 kernel that is offered as "optional" in YOU
> fixes the problem. All other SUSE Linux releases will see update packages
> soon. Olaf Kirch is currently handling it.
>
> The kernel is a very critical component of the system. As such, it needs
> extensive testing - otherwise, we are confronted with some hundred
> thousand to millions of systems that can't boot any more. Please allow us
> to use some time for this testing effort.
>
> An easy workaround against the brk() issue: Set the address space limit to
> another value than nothing, even a very high value.
>
> Add the line
>
> ulimit -v 2147483647
>
> as the second lines of /etc/init.d/rc and /etc/profile, execute the
> command itself in your shell and then restart all daemons that allow
> logins (xdm, sshd, inetd/xinetd, ...). Alternatively, simply reboot after
> adding the lines. (Courtesy of Solar Designer)
>
> > Friendly greetings.
> > Gar
>
> Thanks for summarizing.
>
> Roman.
> --
> - -
> | Roman Drahtm├╝ller <draht@xxxxxxx> // Nail here |
> SUSE Linux AG - Security Phone: // for a new
> | N├╝rnberg, Germany +49-911-740530 // monitor! --> [x] |
> - -
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
>
>

==============================================================
Bob Vickers R.Vickers@xxxxxxxxxxxxx
Dept of Computer Science, Royal Holloway, University of London
WWW: http://www.cs.rhul.ac.uk/home/bobv
Phone: +44 1784 443691

< Previous Next >