From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1LQ6mT-0000uy-76 for garchives@archives.gentoo.org; Thu, 22 Jan 2009 21:08:05 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id C092CE0803; Thu, 22 Jan 2009 21:08:03 +0000 (UTC) Received: from rv-out-0708.google.com (rv-out-0708.google.com [209.85.198.245]) by pigeon.gentoo.org (Postfix) with ESMTP id 91F76E0803 for ; Thu, 22 Jan 2009 21:08:03 +0000 (UTC) Received: by rv-out-0708.google.com with SMTP id b17so4753663rvf.46 for ; Thu, 22 Jan 2009 13:08:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=CZc7XtUjBIQ1FBB7z8IXzGUeqqk2DoK0cWeXPHYNbwM=; b=M4fCzEZfysiRIhk3mVQ4b/lG7KNUeXeBIec8KKre6+6EzAmsE+KaIycVOFoWnlMXH6 CfjVZ14tni8UT+DnBawE5nfCV+W+8XFL1sMP09XJyxTIm/bq2XIOqP1fCSlItc5NaBEw P6yD6N3fsuQzCe00mUOJUYZO0hSdCE1kCVA74= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=He0UnYj4DCPMNxs0vemDD35kuoCqx7SyXK6G7QxtfQlQ3n3x3PFflSoEY4s7xw82/y ekD+OhrSxKmfpTrwDC5UPzblZLh9yXrpg90KndRyA5P9EywuayaHGA2ugEVzUDeueXEM NR1FHrO7tuTUEofD3fbD0hMIlk39749/hrBjA= Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org MIME-Version: 1.0 Received: by 10.141.63.20 with SMTP id q20mr4393377rvk.106.1232658483153; Thu, 22 Jan 2009 13:08:03 -0800 (PST) In-Reply-To: <49bf44f10901221301k47941d92lc717e237a657e139@mail.gmail.com> References: <49bf44f10901221106n630d668fwc7fe390f53a600b8@mail.gmail.com> <4255c2570901221126p1d52dbc3r649fbf21793fd49a@mail.gmail.com> <49bf44f10901221301k47941d92lc717e237a657e139@mail.gmail.com> Date: Thu, 22 Jan 2009 14:08:03 -0700 Message-ID: <4255c2570901221308y37ee8f26i11f33c9e3bbf5626@mail.gmail.com> Subject: Re: [gentoo-hardened] 'paxctl -m bin' everything that complains? From: RB To: gentoo-hardened@lists.gentoo.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Archives-Salt: f1d9bd2f-5667-49db-8a60-382c17fe69c8 X-Archives-Hash: eb9a8a7ed9260762ac64635149046ba3 On Thu, Jan 22, 2009 at 14:01, Grant wrote: >> Check out 'ulimit -a' or search for 'ulimit' in bash(1). > > I read about ulimit and I'm wondering if I need to worry about > increasing that coredump size from zero. Can I just ignore those > grsec messages without causing a problem? Allowing core dumps will enable failed applications to dump a copy of their memory to disk; generally this only causes issues if you're disk-space sensitive. It can also be an issue for applications that hold sensitive data (like passwords) in-memory. If you can, yes - just ignore the RLIMIT_CORE ones. You probably want to find out why applications are trying to dump, but the messages are a symptom rather than the cause.