oss-sec mailing list archives
Re: Short notes on qmail security guarantee
From: Arrigo Triulzi <arrigo () alchemistowl org>
Date: Fri, 22 May 2020 19:01:10 +0200
On 22 May 2020, at 17:45, Georgi Guninski <gguninski () gmail com> wrote:
I am not professional admin, but does postfix require limits? Do many widely used daemons need limits?
Well, normally these limits are enforced at the OS level. Depending on your OS of choice there are different ways in
which this is done. On BSD-derived systems it is most often in /etc/login.conf via login classes, e.g.:
daemon:\
:ignorenologin:\
:datasize=infinity:\
:maxproc=infinity:\
:openfiles-max=2048:\
:openfiles-cur=1024:\
:stacksize-cur=8M:\
:localcipher=blowfish,a:\
:tc=default:
whereby the user under which Postfix runs would be assigned to the daemon class (or, of course, a class which you
define with suitable restrictions) and have the limits above (“tc=default” means “inherit what is not explicitly
defined above from the “default” class, rest is self-evident, I hope).
Arrigo
Current thread:
- Short notes on qmail security guarantee Georgi Guninski (May 21)
- Re: Short notes on qmail security guarantee Solar Designer (May 22)
- Re: Short notes on qmail security guarantee Michal Zalewski (May 22)
- Re: Short notes on qmail security guarantee Georgi Guninski (May 22)
- Re: Short notes on qmail security guarantee Arrigo Triulzi (May 22)
- Re: Short notes on qmail security guarantee Perry E. Metzger (May 22)
- Re: Short notes on qmail security guarantee Jeffrey Walton (May 22)
- Re: Short notes on qmail security guarantee Solar Designer (May 22)