lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130311144737.GA7024@pcnci.linuxbox.cz>
Date:	Mon, 11 Mar 2013 15:47:37 +0100
From:	Nikola Ciprich <nikola.ciprich@...uxbox.cz>
To:	linux-kernel mlist <linux-kernel@...r.kernel.org>
Subject: in.tftpd - ulimit -u not working? cgroups?

Hello everybody,

on one of our boxes, I'm encountering strange problem from
time to time.. in.tftpd processes are forking up to thousand of
processes, getting server to almost unresponsive state.

I've tried various approaches to limiting tftp daemon but to no
avail..

what puzzles me most is, that it seems to breach even ulimit -u setting.

I'm starting in.tftpd from initscript (so no xinetd), prior to starting it, ulimit -n 50
is run.

I can see limit set up correctly for master process:

grep processes /proc/XXX/limits:
Max processes             50                   50                   processes

but again, few days ago, problem occured again, according to atop records, thousands
of in.tftpd processes got forked..

Any idea on what could I be doing wrong?

I also tried limiting memory using cgroups, but even with limit of 2MB, it can spawn
much more processes than I'd like, and 1MB is too low... Is it possible to limit
number of processes using cgroups? but I still think ulimit should be enough, but
what am I doing wrong here?

thanks a lot for any clues in advance, I'm really becoming desperate...

BR

nik

-- 
-------------------------------------
Ing. Nikola CIPRICH
LinuxBox.cz, s.r.o.
28.rijna 168, 709 00 Ostrava

tel.:   +420 591 166 214
fax:    +420 596 621 273
mobil:  +420 777 093 799
www.linuxbox.cz

mobil servis: +420 737 238 656
email servis: servis@...uxbox.cz
-------------------------------------

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ