lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sat, 7 Jul 2007 23:46:48 +0200
From:	Willy Tarreau <w@....eu>
To:	Bodo Eggert <7eggert@....de>
Cc:	Jan Engelhardt <jengelh@...putergmbh.de>,
	"H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org
Subject: Re: [RFC][Patch] Allow not mounting a root fs

On Sat, Jul 07, 2007 at 11:18:59PM +0200, Bodo Eggert wrote:
> On Sat, 7 Jul 2007, Jan Engelhardt wrote:
> > On Jul 5 2007 19:08, H. Peter Anvin wrote:
> 
> > >> BTW: Is it possible to mount a tmpfs on / before extracting the cpio?
> > >
> > >Not in the stock kernel.  There have been some patches floating around
> > >for that, I think.
> > 
> > What would it buy? rootfs is a tmpfs, is not it?
> 
> As far as I understand, it is a ramfs aka. non-swappable tmpfs without any 
> limit and including a chance of DoSing the system.
> 
> Since I'm toying with root-on-initcpio, I'm looking for things that might 
> make the task some easier.
> 
> Currently I'm thinking about changing the root=initramfs to root=tmpfs and
> additionally mounting a tmpfs on / before unpacking the cpios. OTOH, this 
> seems to be a little bit messy. OTOH again, in _that_ boot code, nobody
> should complain :)

Well, maybe it would be time to assign limits to ramfs. I have a patch for
this in all my own 2.4 kernels that I use on appliances, network boot and
bootable CDs. It was a bit tricky to get the limits to work well in 2.4
because it was not easy to track which pages were used by whom. But I presume
that rmap in 2.6 should help a lot.

If someone is willing to give this a try, here's the 2.4 patch :

  http://linux.1wt.eu/kernel/patches-2.4.34-wt1/pool/2.4.32-ramfs-limits-5

Regards,
Willy
 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ