lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sat, 12 Apr 2014 08:39:59 -0700
From:	Davidlohr Bueso <davidlohr@...com>
To:	Manfred Spraul <manfred@...orfullife.com>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	Davidlohr Bueso <davidlohr.bueso@...com>,
	LKML <linux-kernel@...r.kernel.org>,
	KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com>,
	KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>,
	gthelen@...gle.com, aswin@...com, linux-mm@...ck.org
Subject: Re: [PATCH] ipc/shm: disable SHMALL, SHMMAX

On Sat, 2014-04-12 at 13:48 +0200, Manfred Spraul wrote:
> Shared memory segment can be abused to trigger out-of-memory conditions and
> the standard measures against out-of-memory do not work:
> 
> - It is not possible to use setrlimit to limit the size of shm segments.
> 
> - Segments can exist without association with any processes, thus
>   the oom-killer is unable to free that memory.
> 
> Therefore Linux always limited the size of segments by default to 32 MB.
> As most systems do not need a protection against malicious user space apps,
> a default that forces most admins and distros to change it doesn't make
> sense.
> 
> The patch disables both limits by setting the limits to ULONG_MAX.
> 
> Admins who need a protection against out-of-memory conditions should
> reduce the limits again and/or enable shm_rmid_forced.
> 
> Davidlohr: What do you think?
> 
> I prefer this approach: No need to update the man pages, smaller change
> of the code, smaller risk of user space incompatibilities.

As I've mentioned before, both approaches are correct.

I still much prefer using 0 instead of ULONG_MAX, it's far easier to
understand. And considering the v2 which fixes the shmget(key, 0, flg)
usage, I _still_ don't see why it would cause legitimate user
incompatibilities.

Regarding the manpage, regardless the approach we end up taking, it
should still be updated. This is an important change for users, making
their life easier. We should inform them explicitly about them not
really needing to deal with the hassle of shm limits anymore.

Thanks,
Davidlohr

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ