lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 8 May 2009 18:37:56 +0100
From:	Alan Cox <alan@...rguk.ukuu.org.uk>
To:	Elladan <elladan@...imo.com>
Cc:	Rik van Riel <riel@...hat.com>, Christoph Lameter <cl@...ux.com>,
	Lee Schermerhorn <Lee.Schermerhorn@...com>,
	Peter Zijlstra <peterz@...radead.org>,
	Wu Fengguang <fengguang.wu@...el.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"tytso@....edu" <tytso@....edu>,
	"linux-mm@...ck.org" <linux-mm@...ck.org>,
	Elladan <elladan@...imo.com>, Nick Piggin <npiggin@...e.de>,
	Johannes Weiner <hannes@...xchg.org>,
	KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>
Subject: Re: [PATCH -mm] vmscan: make mapped executable pages the first
 class citizen


> I don't think this sort of DOS is relevant for a single user or trusted user
> system.  
> 
> I don't know of any distro that applies default ulimits, so desktops are

A lot of people turn on the vm overcommit protection. In fact if you run
some of the standard desktop apps today its practically essential to deal
with them quietly leaking the box into oblivion or just going mad at
random intervals.

> already susceptible to the far more trivial "call malloc a lot" or "fork bomb"
> attacks.  Plus, ulimits don't help, since they only apply per process - you'd
> need a default mem cgroup before this mattered, I think.

We have a system wide one in effect via the vm overcommit stuff and have
had for years. It works, its relevant and even if it didn't "everything
else sucks" isn't an excuse for more suckage but a call for better things.

If you want any kind of tunable user controllable vm priority then the
obvious things to do would be to borrow the nice() values or implement a
vmnice() for VMAs so users can only say "flog me harder".

Not I fear that it matters - until you fix the two problems of obscenely
bloated leaky apps and bad I/O performance its really an "everything
louder than everything else" kind of argument.

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ