[ardour-users] limits.conf WARNING

Brett Clark Brett at ciscoinc.com
Fri Feb 2 08:31:35 PST 2007 

>> there is only root and the user "nowhiskey", who is in the audio group
Then you are probably okay.  Im not aware of any attacks that could
be made via memlock other than a process that would use up all the
memory, then the swap, and eventually crash the machine.  It would
be an annoyance, but not a serious system compromise.  And this
is only a concern if your system is on a public network and you have
simple passwords for either 'root' and/or 'nowhiskey'.
 
--Brett
 
 

________________________________

From: Dragan Noveski [mailto:perodog at gmx.net]
Sent: Fri 2/2/2007 10:11 AM
To: Brett Clark; ardour-users at lists.ardour.org
Subject: Re: [ardour-users] limits.conf WARNING



Brett Clark wrote:
>>> is it  a kind of security risk, if i leave that line like that now?
>>>      
> 
> If you changed the line for @audio, then it would only be a risk for
> users in the 'audio' group.  You can also set the line for a specific
> user by putting the user name w/o the preceeding '@' sign.  That
> would narrow the risk further.  For example:
> 
>     myuser   -   memlock unlimited
> 
> would set it to unlimited for myuser only.
> 
> 
> --Brett
> 
>  
i understand, but here there is only root and the user "nowhiskey", who
is in the audio group.
so i think it does not make a really sense, but i am not sure?

cheers,
doc
> 
>
> ________________________________
>
> From: ardour-users-bounces at lists.ardour.org on behalf of Dragan Noveski
> Sent: Fri 2/2/2007 9:21 AM
> To: Sampo Savolainen; ardour-users at lists.ardour.org
> Subject: Re: [ardour-users] limits.conf WARNING
>
>
>
> Sampo Savolainen wrote:
>  
>> Quoting Dragan Noveski <perodog at gmx.net>:
>>
>> 
>>    
>>> so i extended the limits.conf file here now:
>>>
>>>  @audio - rtprio 99
>>> @audio - memlock 500000
>>> @audio - nice -10
>>> @audio   soft            nolimit    4096
>>> @audio   hard            nolimit    8192 
>>>
>>> but still there is that warning.
>>>
>>> as i understood sampo, it is not bad at all, its only a warning about a
>>> existing of an maximum of memlock. but in the never svn, i get now the
>>> warning not only in the terminal, but there is an extra window appearing
>>>
>>> before the ardourvst session opens.
>>>   
>>>      
>> Yes. There is now also a warning dialog. We are planning to put a "do not
>> show this dialog again" checkbox into the dialog. The idea is to make users
>> concious about the existing limit.
>>
>> I feel the need to voice out one more concern: Some systems have an
>> "inherent" memlock limit which might be causing some people unnecessary
>> headache. This inherent limit shows up when no memlock clause is in
>> limits.conf. This can be as low as 32kb! That limit is so low that jackd
>> can't start, let alone ardour.
>>
>> For the record, you can set that to unlimited by simply setting the
>> limits.conf memlock limit clause to "unlimited" (without the quotes).
>>
>>
>>   Sampo
>>
>> 
>>    
> thanks sampo, i just change that line as you suggested , did a reboot
> and i don´t get that warning anymore.
> is it  a kind of security risk, if i leave that line like that now?
>
> cheers,
> doc
> _______________________________________________
> ardour-users mailing list
> ardour-users at lists.ardour.org
> http://lists.ardour.org/listinfo.cgi/ardour-users-ardour.org
>
>
>

More information about the Ardour-Users mailing list