-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, Mar 15, 2005 at 10:41:08PM -0800, David Liontooth wrote: > In the meantime, gringotts is working great. But by changing this limit > value and activating it in > ssh, gdm, su, and login, did I just strengthen or weaken my security? > What are the potential costs down > the line for making the change? In the next release I try to include a pointer that explains a little what locked memory is and what implications there are to increase the available amount of locked memory to users.
> Perhaps I didn't need to increase the > limit, but did need to enable > pam_limits.so? No, this is not helping. The amount of locked memory available to users would not change. > If so, what are the potential consequences of doing this? What exactly you enable with pam_limits.so is configured and documented in the file /etc/security/limits.conf. > In brief, the instructions may work (I can't tell), but most users would > have no idea what they're doing. Well, I try to make some of the stuff in README.Debian more easy to understand with the next release. The _real_ problem is, though, that there are a lot of unrelated errors when locked memory is short. I even had segfaults. Perhaps the best handling would be to make sure enough locked memory is available before starting the program. Regards, Bastian - -- ,''`. Bastian Kleineidam : :' : GnuPG SchlÃssel `. `' gpg --keyserver wwwkeys.pgp.net --recv-keys 32EC6F3E `- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) iD8DBQFCOFtjeBwlBDLsbz4RAg0dAJ4nvSHcKw1itnzCeAWZWajgNU13CQCfRN82 pgVJionkFSw8UOneYHqtfCc= =bJWl -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
