| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 7 Nov 2011 15:27:36 +0100 From: Kay Sievers <kay.sievers@...y.org> To: Alan Cox <alan@...rguk.ukuu.org.uk> Cc: Davidlohr Bueso <dave@....org>, Lennart Poettering <mzxreary@...inter.de>, Christoph Hellwig <hch@...radead.org>, Hugh Dickins <hughd@...gle.com>, Andrew Morton <akpm@...ux-foundation.org>, lkml <linux-kernel@...r.kernel.org>, linux-mm@...ck.org Subject: Re: [RFC PATCH] tmpfs: support user quotas On Mon, Nov 7, 2011 at 14:58, Alan Cox <alan@...rguk.ukuu.org.uk> wrote: >> Right, rlimit approach guarantees a simple way of dealing with users >> across all tmpfs instances. > > Which is almost certainly not what you want to happen. Think about direct > rendering. > > For simple stuff tmpfs already supports size/nr_blocks/nr_inodes mount > options so you can mount private resource constrained tmpfs objects > already without kernel changes. No rlimit hacks needed - and rlimit is > the wrong API anyway. What part of the message did you read? This is about _per_user_ limits, not global limits! Any untrusted user can fill /dev/shm today and DOS many services that way on any machine out there. Same for /tmp when it's a tmpfs, or /run/user. This is an absolutely unacceptable state and needs fixing. I don't care about which interface it is, if someting else fits better, let's discuss that, but it has surely absolutely noting to do with size/nr_blocks/nr_inodes. Kay -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists