lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


It was thus said that the Great Rena once stated:
> 
> Assigning resource limits to the process is certainly one solution, but
> that applies to the entire process. Is it possible to remove those limits
> after reading the config? Once a process drops root privileges, AFAIK it
> can't get them back, because that would defeat the entire purpose (once
> malicious code had taken over the process, it could just re-request root
> privileges). Does the same not apply to resource limits?

  I'm answering only for POSIX (Unix).  There are two types of limits, soft
and hard (both types set with setrlimit()).  Any process can change the soft
limit to any value, but that value cannot exceed the hard limit.  Any
process can lower the hard limit, but only root (or for Linux, those with
the right capability, or root, depending upon the Linux distribution) can
raise the hard limit.

  The kernel actually checks the soft limit; the hard limit is just that, a
limit you cannot exceed.  

  The limits you can set are:

	RLIMIT_CORE	size in bytes of core files
	RLIMIT_CPU	max seconds of CPU seconds (not wall time, CPU time)
	RLIMIT_DATA	size in bytes of data segment
	RLIMIT_FSIZE	size in bytes of maximum file size process can create
	RLIMIT_NOFILE	max number of open files for a process
	RLIMIT_STACK	size in bytes of stack
	RLIMIT_AS	size in bytes of process address space

  A Unix system may provide other limits not listed here (for example, Linux
and BSD provide RLIMIT_NPROC, which is the number of child processes that
can be created).  I have written a Lua interface for this [1].

  -spc (Windows might have something similar, but I don't know any details)

[1]	https://github.com/spc476/lua-conmanorg/blob/master/src/process.c