| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 22 Nov 2008 22:14:51 +0000 From: Glynn Clements <glynn@...ements.plus.com> To: craig@...net.net Cc: bugtraq@...urityfocus.com Subject: Re: Re: MS Internet Explorer 7 Denial Of Service Exploit craig@...net.net wrote: > On Konqueror 3.5.9, what happens is that this childish code builds a > huge string, eats memory, causes swapping, and finally blows away > Konq. Linux and X and everything else stay up and recover nicely. > (Gentoo/AMD64X2/3G mem) > > This isn't an exploit -- at least not on Linux -- it's just kiddie > stupidity. It doesn't take any particular cleverness to blow memory by > dynamically creating bigger and bigger data structures. With virtual > memory and 64-bit pointers, when exactly do we return -ENOMEM? When RLIMIT_AS has been exceeded. If you disable the use of mmap'd-malloc() via mallopt(M_MMAP_MAX, 0), you can effectively limit malloc() via RLIMIT_DATA. If you really want to allow a single process to use all available RAM for itself, you can; but you don't have to. It might be nice if the browser limited the amount of memory which could be used by e.g. JavaScript (although for Firefox, you would probably want the limit to only be applied to "external" JavaScript, given that much of the browser itself is written in JavaScript). -- Glynn Clements <glynn@...ements.plus.com>
Powered by blists - more mailing lists