Increase default nofile ulimit

Robie Basak robie.basak at ubuntu.com
Sun Jun 15 20:41:55 UTC 2014


On Mon, Jun 09, 2014 at 12:10:40PM +0100, Robie Basak wrote:
> AIUI, there are security implications for raising this limit system-wide
> by default, since applications that use select() are often broken and
> will become vulnerable with a higher limit.
> 
> See
> https://lists.ubuntu.com/archives/ubuntu-devel/2010-September/031446.html
> 
> for the previous discussion.

Update: Kees reports that setting _FORTIFY_SOURCE=2 does now add some
protection to this particular failure scenario.

He says: "...but now I won’t be so worried when I see requests to raise
the open descriptor limit above 1024."

Source:
http://www.outflux.net/blog/archives/2014/06/13/5-year-old-glibc-select-weakness-fixed/

Thanks Kees!

Robie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20140615/0381256f/attachment.sig>


More information about the Ubuntu-devel-discuss mailing list