From: Grant
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] 'paxctl -m bin' everything that complains?
Date: Thu, 22 Jan 2009 19:07:55 -0800
Message-ID: <49bf44f10901221907ie90aaa7rc87fe6bd5b160b97@mail.gmail.com>
In-Reply-To: <4255c2570901221308y37ee8f26i11f33c9e3bbf5626@mail.gmail.com>

>>> Check out 'ulimit -a' or search for 'ulimit' in bash(1).
>>
>> I read about ulimit and I'm wondering if I need to worry about
>> increasing that coredump size from zero. Can I just ignore those
>> grsec messages without causing a problem?
>
> Allowing core dumps will enable failed applications to dump a copy of
> their memory to disk; generally this only causes issues if you're
> disk-space sensitive. It can also be an issue for applications that
> hold sensitive data (like passwords) in-memory.
>
> If you can, yes - just ignore the RLIMIT_CORE ones. You probably want
> to find out why applications are trying to dump, but the messages are
> a symptom rather than the cause.

It turns out I need to issue 'paxctl -m
/usr/lib64/mozilla-firefox/firefox' to prevent firefox from crashing
when watching a cnn.com video. Is that a huge security issue?

- Grant