[2314] in linux-security and linux-alert archive
[linux-security] Re: IPMASQ and lock-up of all terminals
daemon@ATHENA.MIT.EDU (Rich Graves)
Mon Feb 28 16:55:39 2000
Date: Mon, 28 Feb 2000 16:35:33 -0500 (EST)
From: Rich Graves <rcgraves@brandeis.edu>
To: MeriwetherDJ@nswccd.navy.mil
cc: linux-security@redhat.com
In-Reply-To: <20000228125652.H32658@jasmine.psyber.com>
Message-ID: <Pine.LNX.4.10.10002281621030.17719-100000@quixote.unet.brandeis.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Resent-From: linux-security@redhat.com
Yet another way to deadlock login is to run out of file descriptors. I've
seen this quite often on mail and web servers lacking proper resource
limits.
You can diagnose and recover without rebooting if you built your kernel
with "Magic SysReq Keys." This does allow someone with local console access
can do nasty things, so you'll have to think through how it fits with your
site security policy.
Btw, on RedHat 6.0+ you have to edit /etc/sysconfig/init to stop the init
scripts from disabling sysrq. I found this undocumented change really
annoying, but it's not a bad thing to require people to know what they're
doing before hacking the kernel like this.
--
Rich Graves <rcgraves@brandeis.edu>
UNet Systems Administrator
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null
