
Set resource limits

Currently, Tails sets no resource limits at all, even though PAM supports them through /etc/security/limits.conf (pam_limits). Resource limits (rlimits) primarily reduce the risk of DoS, for example from fork bombs, but they can also blunt some classes of vulnerabilities. Some examples:

  • RLIMIT_STACK can mitigate various attacks that exhaust address space (for instance by growing the stack) to defeat ASLR.
  • RLIMIT_AS can mitigate some integer overflows that need a huge allocation to trigger (such as the RCE libotr had, or many of the X11 extension vulnerabilities).
  • RLIMIT_NICE can make some side-channel attacks a bit harder, since the attacker cannot raise the priority of its own process.
  • RLIMIT_CORE, when raised, allows debugging crashes that were potentially caused by exploit attempts.
  • RLIMIT_NPROC can mitigate many of the easiest forms of DoS, and makes side-channel attacks harder by capping the number of attacker-controlled processes and threads.
  • RLIMIT_CPU can make side-channel attacks and attacks like rowhammer harder, when used wisely.
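As an added example (not part of the original issue and not a Tails configuration file), here is how the rlimits listed above map onto pam_limits items in a limits.conf fragment. The file name, the domains and every numeric value are illustrative assumptions:

```conf
# /etc/security/limits.d/tails-example.conf  (added example; values are illustrative)
# Format: <domain> <type> <item> <value>
#   as, stack and core are given in KiB; cpu in minutes; nice is the lowest
#   nice value (highest priority) the process may set, in the range -20..19.
#   A "soft" limit can be raised by the process itself up to the "hard" one;
#   "hard" can only be raised by root. "-" sets both at once.
#   Group (@group) and wildcard (*) entries are NOT applied to the root user.

# RLIMIT_AS: 1 GiB soft, 4 GiB hard. A browser launcher may raise its own
# soft limit up to the hard limit (ulimit -S -v) without any privilege, so
# the one memory-hungry program can be exempted without loosening the rest.
*           soft    as       1048576
*           hard    as       4194304

# RLIMIT_STACK: 8 MiB, soft and hard.
*           -       stack    8192

# RLIMIT_NICE: processes may not raise their priority above nice 0.
*           -       nice     0

# RLIMIT_NPROC: the desktop user and the Tor user get separate ceilings.
amnesia     hard    nproc    1024
debian-tor  hard    nproc    16

# RLIMIT_CORE: unlimited, so that a core handler such as systemd-coredump
# (which must be set as kernel.core_pattern) can capture crashes into the journal.
*           -       core     unlimited
```

Two caveats when applying such a file: pam_limits only acts when a PAM session opens (login, display manager, sudo), so services started directly by systemd, such as tor@default.service on Debian, never see it and need LimitNPROC=, LimitAS= and friends in a unit drop-in instead; and processes that were already running when the file was installed keep their old limits until they are adjusted with prlimit.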

With pam_limits, resource limits are applied per user or group when a session opens; the prlimit64() syscall (prlimit(2), or the prlimit(1) tool) can additionally set them on processes that are already running. I suggest limiting AS for all processes but the browser (as it is the most likely to have a legitimate need to eat up lots of memory) and similar bloated beasts, the number of processes for the amnesia user, and the stack size and niceness for all processes (setting the stack to even 8 MiB would be enough). The core limit should be lifted or made very liberal, and coredumps configured to log to journald. I assume coredumps logged there are not readable by unprivileged users (to prevent, say, sending SIGSEGV to a victim process in order to read potentially sensitive memory contents). Reducing other limits can be done as deemed safe. Individual sensitive users can be restricted more, such as the debian-tor user.
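To show the prlimit64() path mentioned above (tightening a process that is already running, without opening a new PAM session) together with the effect of RLIMIT_AS, here is an added example in C. It is not code from Tails or from the issue author; it uses glibc's prlimit(2) wrapper, which Linux implements as the prlimit64 syscall, and the 256 MiB and 1 GiB figures are arbitrary demonstration values:

```c
#define _GNU_SOURCE /* for prlimit(2); must precede the first system header */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

#ifndef __USE_GNU
/* Fallback prototype in case a system header was already included without
 * _GNU_SOURCE; prlimit() has been in glibc on Linux since 2.13. */
int prlimit(pid_t pid, int resource, const struct rlimit *new_limit,
            struct rlimit *old_limit);
#endif

/* Read the current soft/hard limits of `resource` for `pid` (0 = caller). */
int get_limit(pid_t pid, int resource, struct rlimit *out)
{
    return prlimit(pid, resource, NULL, out);
}

/* Lower the soft limit of `resource` on an already running process, which is
 * the prlimit64 use case: the target keeps running and no PAM session is
 * involved. The hard limit is left untouched and the new soft value is clamped
 * to it, because the kernel rejects soft > hard with EINVAL. Acting on another
 * process needs matching real/effective/saved UIDs and GIDs, or
 * CAP_SYS_RESOURCE. Returns 0 on success, -1 with errno set otherwise. */
int clamp_soft_limit(pid_t pid, int resource, rlim_t value)
{
    struct rlimit cur, want;
    if (prlimit(pid, resource, NULL, &cur) != 0)
        return -1;
    want.rlim_max = cur.rlim_max;
    want.rlim_cur = value;
    if (cur.rlim_max != RLIM_INFINITY && want.rlim_cur > cur.rlim_max)
        want.rlim_cur = cur.rlim_max;
    return prlimit(pid, resource, &want, NULL);
}

/* 1 if the kernel grants an anonymous mapping of `bytes`, 0 if it refuses it
 * (mmap fails with ENOMEM once the mapping would exceed RLIMIT_AS). */
int mapping_allowed(size_t bytes)
{
    void *p = mmap(NULL, bytes, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return 0;
    munmap(p, bytes);
    return 1;
}

static void show(const char *when)
{
    struct rlimit r;
    if (get_limit(0, RLIMIT_AS, &r) != 0) {
        perror("prlimit");
        return;
    }
    printf("%s: RLIMIT_AS soft=%llu hard=%llu, 1 GiB mapping %s\n", when,
           (unsigned long long)r.rlim_cur, (unsigned long long)r.rlim_max,
           mapping_allowed(1UL << 30) ? "allowed" : "refused");
}

int main(void)
{
    show("before");
    /* Tighten the calling process to 256 MiB of address space. Passing a
     * real pid instead of 0 is what `prlimit --pid PID --as=...` does. */
    if (clamp_soft_limit(0, RLIMIT_AS, 256UL << 20) != 0) {
        perror("prlimit");
        return 1;
    }
    show("after clamp to 256 MiB");
    return 0;
}
```

The "before" line may already report the 1 GiB mapping as refused on a small machine under the default overcommit heuristic; the point is the "after" line, where the refusal comes from the rlimit regardless of available RAM. Note that only the soft limit is lowered here: a process can lower its own soft limit and raise it again up to the hard limit, so a hard limit set via pam_limits (or a unit's Limit* directive) is what actually binds an attacker.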

Please consider taking advantage of this simple but useful PAM feature.

Original created by @cypherpunks on 14880 (Redmine)
