+1  A: 

On Linux, specifically, a user could do what you say. But Linux will send SIGKILL to the process if the hard limit is reached (as opposed to the soft limit you've set), and that will terminate the process.

(Remember though, you really really need to run your stuff in a chrooted environment)

nos
I think I get the idea. I will chroot to the directory of my code and then set a hard limit. Correct me if I'm wrong. I think this will have some effect on the include paths though.
It will. You should replicate a minimalistic environment, containing just what's needed to compile/run the stuff you want in the chrooted environment (sort of a mini, mini Linux installation containing only the compiler/headers and other small pieces in its own directory).
nos
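
The soft/hard limit behaviour described in the answer above, as an added example that is not part of the original thread. It assumes the limit in question is RLIMIT_CPU on Linux; `run_limited` and `spin` are hypothetical names, and the busy loop is a constructed stand-in for an untrusted submission. It covers only the limit, not the chroot.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-in for an untrusted submission: burns CPU forever. */
static void spin(void) {
    volatile unsigned long n = 0;
    for (;;) n++;
}

/* Fork a child, cap its CPU seconds (soft/hard), and return the signal that
 * ended it, or -1 on error or normal exit. */
int run_limited(rlim_t soft, rlim_t hard, int ignore_sigxcpu) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct rlimit rl = { .rlim_cur = soft, .rlim_max = hard };
        /* An unprivileged process can lower its hard limit but never raise it. */
        if (setrlimit(RLIMIT_CPU, &rl) != 0) _exit(127);
        /* Simulates a submission that ignores the soft-limit signal. */
        if (ignore_sigxcpu) signal(SIGXCPU, SIG_IGN);
        spin();
        _exit(0); /* not reached */
    }
    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : -1;
}

int main(void) {
    int a = run_limited(1, 2, 0); /* soft limit hit, default disposition */
    int b = run_limited(1, 2, 1); /* soft limit ignored, hard limit hit */
    printf("default disposition: %s\n", a == SIGXCPU ? "SIGXCPU" : "other");
    printf("SIGXCPU ignored:     %s\n", b == SIGKILL ? "SIGKILL" : "other");
    return (a == SIGXCPU && b == SIGKILL) ? 0 : 1;
}
```

The second call is the case that matters for a judge: the soft limit alone can be ignored or caught by the submitted program, while the SIGKILL at the hard limit cannot.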
+1  A: 

Wow. Having thought about this daunting undertaking for all of about 7 minutes I apologize in advance for anything stupid I am about to say.

Is this going to be something like UVA Judge?

If the goal is to allow relatively simple programs to run without allowing malicious users to destroy your system then it seems you need to be more proactive than this or you will be patching holes until the end of time.

At a minimum I think you would need to strip out user header files and substitute one of your own that contains the minimum functionality. Disallow assembler. Use a modified stdlib and/or kernel that no-ops or kills the process on any attempted syscall(), etc.

There is an awful lot to consider here.

Duck
Yes, quite similar to UVA Judge. Thanks for the suggestions. I'll try to implement them.