file size rlimit inhibits kernel process accounting

Ian! D. Allen [NCFreeNet] (idallen@freenet.carleton.ca)
Tue, 12 Feb 2002 11:48:39 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jens Axboe: "Re: Linux 2.4.18-pre9-ac1"
Previous message: Bill Davidsen: "Re: How to check the kernel compile options ?"

Consider a file size ulimit/rlimit, set using something like:

ulimit -f 1000 # kilobytes of output files

All processes run from the above shell will be unable to write their
accounting file records (enabled with accton) if the size of the
accounting file is larger than the given file size limit.

This seems unintended. In fact, an intruder could purposefully set
a low file size limit to prevent process accounting and cover his/her
traces in the accounting log. (Or, someone could do it to avoid being
charged for system usage, etc.)

Same behaviour: 2.2.19 and 2.4.18-pre7

# cat /proc/version
Linux version 2.2.19-6.3mdk (root@updates.mandrakesoft.com) (gcc version
egcs-2.91.66 19990314/Linux (egcs-1.1.2 release)) #1 Thu Nov 15 15:17:52
MST 2001

# cat /proc/version
Linux version 2.4.18-pre7 (root@idallen-home) (gcc version 2.96 20000731
(Mandrake Linux 8.1 2.96-0.62mdk)) #13 Thu Jan 31 00:51:41 EST 2002

-- 
-IAN!  Ian! D. Allen   Ottawa, Ontario, Canada   idallen@ncf.ca
       Home Page on the Ottawa FreeNet: http://www.ncf.ca/~aa610/
       College professor at: http://www.algonquincollege.com/~alleni/
       Board Member, TeleCommunities CANADA  http://www.tc.ca/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Next message: Jens Axboe: "Re: Linux 2.4.18-pre9-ac1"
Previous message: Bill Davidsen: "Re: How to check the kernel compile options ?"