Bug 61393 - Memory limits on /etc/security/limits.conf not honoured
Memory limits on /etc/security/limits.conf not honoured
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: kernel (Show other bugs)
7.2
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Arjan van de Ven
Brian Brock
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-03-18 18:47 EST by Carlos Paz
Modified: 2007-04-18 12:41 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-03-18 18:48:47 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Carlos Paz 2002-03-18 18:47:40 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)

Description of problem:
the per user memory process limit are not working (haven't checked group or 
other resources limits).


Version-Release number of selected component (if applicable):
kernel-2.4.9-31

How reproducible:
Always

Steps to Reproduce:
1. Add entries to /etc/security/limits.conf like:
pete hard data 15000
pete hard rss 15000
2. Start a new session as pete.


Actual Results:  pete's "ulimit -a" shows the right memory limits, but a test 
program can allocate any amount of memory, until the system crashes.

Expected Results:  pete's memory bomb process failed after reaching 15MB of 
memory.

Additional info:

I read somewhere else that 2.4 doesn't work well with user resource limits, but 
I hoped that this would be fixed with recent versions.

Combining this with the current version of php on redhat 7.2 that doesn't 
impose memory limits neither, any user can crash our web servers with a very 
simple program, that includes itself, for example.
Comment 1 Arjan van de Ven 2002-03-19 10:44:39 EST
The next release will have a kernel that enforces rss limits; you can already
get a preview kernel with that from rawhide....

Note You need to log in before you can comment on or make changes to this bug.