Hello community, here is the log from the commit of package pam for openSUSE:Factory checked in at 2014-12-29 00:29:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pam (Old) and /work/SRC/openSUSE:Factory/.pam.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pam" Changes: -------- --- /work/SRC/openSUSE:Factory/pam/pam.changes 2014-04-22 07:49:16.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2014-12-29 00:29:43.000000000 +0100 @@ -1,0 +2,6 @@ +Tue May 6 14:31:36 UTC 2014 - [email protected] + +- limit number of processes to 700 to harden against fork-bombs + Add pam-limit-nproc.patch + +------------------------------------------------------------------- New: ---- pam-limit-nproc.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pam.spec ++++++ --- /var/tmp/diff_new_pack.40j0dz/_old 2014-12-29 00:29:44.000000000 +0100 +++ /var/tmp/diff_new_pack.40j0dz/_new 2014-12-29 00:29:44.000000000 +0100 @@ -56,6 +56,7 @@ Patch2: pam_loginuid-log_write_errors.diff Patch3: pam_xauth-sigpipe.diff Patch4: bug-870433_pam_timestamp-fix-directory-traversal.patch +Patch5: pam-limit-nproc.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -104,6 +105,7 @@ %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 %build export CFLAGS="%optflags -DNDEBUG" ++++++ pam-limit-nproc.patch ++++++ Index: Linux-PAM-1.1.8/modules/pam_limits/limits.conf =================================================================== --- Linux-PAM-1.1.8.orig/modules/pam_limits/limits.conf +++ Linux-PAM-1.1.8/modules/pam_limits/limits.conf @@ -47,4 +47,10 @@ #ftp hard nproc 0 #@student - maxlogins 4 +# harden against fork-bombs +* hard nproc 800 +* soft nproc 700 +root hard nproc 900 +root soft nproc 850 + # End of file -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
