similar to: Too many open files

Hi all. I have an old windows VM with an oldish cygwin that I use for the regression tests. Investigating one of the test failures, I see that it's for UsePrivilegeSeparation=sandbox, and it seems to be because setrlimit(RLIMIT_FSIZE, ...) is not supported. IMO, this isn't a big loss, since the most useful thing in the rlimit "sandbox" is the descriptor limits. Can anyone see

I didn't see this one applied to the repository yet. It may not be the best patch possible... basic problem is that _LARGEFILE64_SOURCE needs to be defined on Solaris 2.6 if AC_SYS_LARGEFILE ends up doing a '#define _FILE_OFFSET_BITS 64' If _FILE_OFFSET_BITS == 64, then <sys/resource.h> will define a 'struct rlimit64' but NOT define a 'struct rlimit' leading to

I'd like to have something like seq() where I can pass in a length of the desired sequence and a right limit so that the sequence goes up to the limit and then starts again from 1. # works now seq(from=2, length.out=3) [1] 2 3 4 # what I want seq(from=2, length.out=3, rlimit=3) [1] 2 3 1 # additional examples of what I want seq(from=2, length.out=4, rlimit=3) [1] 2 3 1 2 seq(from=2,

After fuzzing 'qemu-img info' I found that certain files can cause the command to use lots of memory and time. Modify the command mini-library to allow us to place resource limits on subprocesses, and use these to limit the amount of space and time used by 'qemu-img info'. --- configure.ac | 3 +++ src/command.c | 53

Can I configure openssh with --sandbox=seccomp_filter and have it still run on older kernels with sandboxing via rlimit? I'm asking from a linux distro packaging point of view. Does --sandbox=seccomp_filter keep the rlimit sandbox? It looks to me as if I can only link in one of the sandbox plugins. An openssh build with seccomp_filter enabled will probably have no sandbox at all on linux <

Hi, This patch (relative to -HEAD) defines an API to allow sandboxing of the pre-auth privsep child and a couple of sandbox implementations. The idea here is to heavily restrict what the network-face pre-auth process can do. This was the original intent behind dropping to a dedicated uid and chrooting to an empty directory, but even this still allows a compromised slave process to make new

Hi, The systrace and rlimit sandboxes have been committed and will be in snapshots dated 20110623 and later. This diff adds support for pre-auth privsep sandboxing using the OS X sandbox_init(3) service. It's a bit disappointing that the OS X developers chose such as namespace-polluting header and function names "sandbox.h", "sandbox_init()", etc. It already forced me to

On Thu, May 12, 2016 at 9:51 AM, Martin Maechler <maechler at stat.math.ethz.ch> wrote: > My conclusion was I could not use the RAppArmor package. > > (But that's wrong: For the rlimit*() functions below, one do > *NOT* need an AppArmor-enabled version of Linux !) Yes, it is a relatively recent (unadvertised) feature that the package now builds on linux systems without

Package: src:xcp-vncterm Version: 0.1-2 Severity: important Tags: sid jessie User: debian-glibc at lists.debian.org Usertags: ftbfs-glibc-2.17 The package fails to build in a test rebuild on at least amd64 with eglibc-2.17, but succeeds to build with eglibc-2.13. The severity of this report may be raised before the jessie release. The test rebuild was done together with GCC-4.8, so some issues

>>>>> Kirill M?ller <kirill.mueller at ivt.baug.ethz.ch> >>>>> on Wed, 11 May 2016 10:42:56 +0200 writes: > My ulimit package exposes this API ([1], should finally submit it to > CRAN); unfortunately this very API seems to be unsupported on OS X > [2,3]. Last time I looked into it, neither of the documented settings > achieved

Hi! I wrote a small patch to enable /etc/limits support in openssh. nice thing when you don't have PAM installed.. It is based on Ultor's openssh 1.x patch (http://marc.theaimsgroup.com/?l=secure-shell&m=96427677022741&w=2) Works fine on slackware7.1. define USE_ETC_LIMITS in config.h , and compile as usual. Sagi -------------- next part -------------- diff -N -u

Hi In QEMU 8 virtiofsd has been removed in favor of the rust version. Which includes options that are not longer supported, Do you have a view on what should be used going forwards to support virtiofsd in libvirt with qemu 8? The options are showing as depreciated, -o <compat-options>... Options in a format compatible with the legacy implementation [deprecated] Rust

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 When are you all going to make Samba compatible with CCC (Compaq Compiler)? I would really like to be able to compile it using CCC but I keep getting the errors listed below. I was wondering, could please point me in the right direction for a solution to this dilemma? ==================== ERROR MESSAGE ==================== Using FLAGS = -O -fast

I was wondering if the following attack would be feasible once I'm able to break into rlimit sandbox. Because sandboxed process that handles unauthenticated session is running as the 'sshd' user I was wondering if this could be used to jump between processes using ptrace(2). For example if I find a bug in the code executed before authentication I could use ptrace(2) to attach to

https://bugzilla.mindrot.org/show_bug.cgi?id=2011 Bug #: 2011 Summary: sandbox selection needs some kind of fallback mechanism Classification: Unclassified Product: Portable OpenSSH Version: 6.0p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2

Hi, Has anyone had any luck looking into this by any chance ? > On Mon, Aug 04, 2008 at 02:34:23PM -0400, Jeff Wieland wrote: >> Since we upgraded OpenSSH from 5.0p1 to 5.1p1 on our Solaris 8 boxes >> (I know, I know, we should upgrade or retire them...), we've started >> experiencing problems with slogin'ing into these boxes, running vi, >> and pasting text

I hate to be a pest, but are there any revelations on file descriptor "overusage" by dovecot-auth? ----- Forwarded message from Steven F Siirila <sfs at tc.umn.edu> ----- Date: Sat, 20 Jan 2007 12:42:50 -0600 From: Steven F Siirila <sfs at tc.umn.edu> To: Dovecot Mailing List <dovecot at dovecot.org> User-Agent: Mutt/1.4.2.1i Subject: Re: [Dovecot] dovecot-auth file

Hello all. I just wanted to tell you that poprelayd is now compatible with Dovecot. I have just created a parser for the Dovecot server. This might be interesting either for you or your future customers. Maybe you will want to make some advertisement for it ? I remind that poprelayd is a service that allows a POP user to use the SMTP server of the same machine to send e-mails (making relays)

I'm a new dovecot user, just began using it last week. I switched from courier because my research showed that Dovecot did indexes, and allows me to store them anywhere I chose. I did this, and it fixed some severe disk IO issues that my server had. (25k horde only webmail install using imap proxy). I'm using quotas, and by default had it set to 'dirsize'. my postfix is already

On Sun, Sep 17, 2017 at 12:39 AM, Juan Telleria <jtelleriar at gmail.com> wrote: > Dear R Developers, > > In the same way that MySQL/MariaDB's Engine InnoDB or MyISAM/Aria have the > innodb_buffer_pool_size or the key_buffer_size for setting the maximum > amount of RAM which can be used by a Server Instance. Memory is not controlled by R itself because packages may