lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <18728.33883.823307.542174@cerise.gclements.plus.com>
Date: Sat, 22 Nov 2008 22:14:51 +0000
From: Glynn Clements <glynn@...ements.plus.com>
To: craig@...net.net
Cc: bugtraq@...urityfocus.com
Subject: Re: Re: MS Internet Explorer 7 Denial Of Service Exploit


craig@...net.net wrote:

> On Konqueror 3.5.9, what happens is that this childish code builds a
> huge string, eats memory, causes swapping, and finally blows away
> Konq. Linux and X and everything else stay up and recover nicely. 
> (Gentoo/AMD64X2/3G mem)
> 
> This isn't an exploit -- at least not on Linux -- it's just kiddie
> stupidity. It doesn't take any particular cleverness to blow memory by
> dynamically creating bigger and bigger data structures. With virtual
> memory and 64-bit pointers, when exactly do we return -ENOMEM?

When RLIMIT_AS has been exceeded.

If you disable the use of mmap'd-malloc() via mallopt(M_MMAP_MAX, 0),
you can effectively limit malloc() via RLIMIT_DATA.

If you really want to allow a single process to use all available RAM
for itself, you can; but you don't have to.

It might be nice if the browser limited the amount of memory which
could be used by e.g. JavaScript (although for Firefox, you would
probably want the limit to only be applied to "external" JavaScript,
given that much of the browser itself is written in JavaScript).

-- 
Glynn Clements <glynn@...ements.plus.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ