[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[linux-security] Re: IPMASQ and lock-up of all terminals



Yet another way to deadlock login is to run out of file descriptors. I've
seen this quite often on mail and web servers lacking proper resource
limits.

You can diagnose and recover without rebooting if you built your kernel
with "Magic SysReq Keys." This does allow someone with local console access
can do nasty things, so you'll have to think through how it fits with your
site security policy.

Btw, on RedHat 6.0+ you have to edit /etc/sysconfig/init to stop the init
scripts from disabling sysrq. I found this undocumented change really
annoying, but it's not a bad thing to require people to know what they're
doing before hacking the kernel like this.
-- 
Rich Graves <rcgraves brandeis edu>
UNet Systems Administrator



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]