Kurt Seifried wrote: >>Solution: no temporary solution yet, there should be a global per user >>file limit, the reserved file descriptors should be given out under >>another uid/euid policy. The NR_RESERVED_FILES limit seems to me to be >>really low. >> >> > >Huh. Simply limit users, PAM provides this capability, as do most shells. >From: http://seifried.org/lasg/users/ > > Yes, but maybe the point of my original posting was not completely clear to everybody. Just look at the [*] line in the original post. The problem is the policy to give out the reserved file descriptors. Limiting users is a well known issue (to mostly everybody here I think) but sometimes it is not applicable or even not enough to prevent this kind of DoS. regards, Paul Starzetz
