Bug 61393 - Memory limits on /etc/security/limits.conf not honoured
Summary: Memory limits on /etc/security/limits.conf not honoured
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: kernel (Show other bugs)
(Show other bugs)
Version: 7.2
Hardware: i686 Linux
Target Milestone: ---
Assignee: Arjan van de Ven
QA Contact: Brian Brock
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2002-03-18 23:47 UTC by Carlos Paz
Modified: 2007-04-18 16:41 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2002-03-18 23:48:47 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Carlos Paz 2002-03-18 23:47:40 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)

Description of problem:
the per user memory process limit are not working (haven't checked group or 
other resources limits).

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Add entries to /etc/security/limits.conf like:
pete hard data 15000
pete hard rss 15000
2. Start a new session as pete.

Actual Results:  pete's "ulimit -a" shows the right memory limits, but a test 
program can allocate any amount of memory, until the system crashes.

Expected Results:  pete's memory bomb process failed after reaching 15MB of 

Additional info:

I read somewhere else that 2.4 doesn't work well with user resource limits, but 
I hoped that this would be fixed with recent versions.

Combining this with the current version of php on redhat 7.2 that doesn't 
impose memory limits neither, any user can crash our web servers with a very 
simple program, that includes itself, for example.

Comment 1 Arjan van de Ven 2002-03-19 15:44:39 UTC
The next release will have a kernel that enforces rss limits; you can already
get a preview kernel with that from rawhide....

Note You need to log in before you can comment on or make changes to this bug.