| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 2 Sep 2010 06:33:46 +0900 From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> To: linux-kernel@...r.kernel.org, netdev@...r.kernel.org, kosaki.motohiro@...fujitsu.com, spender@...ecurity.net, eric.dumazet@...il.com Subject: How can OOM killer detect process consuming much kernel memory? I contacted Brad Spengler regarding below topic http://kerneltrap.org/mailarchive/linux-netdev/2010/8/21/6283491 and received some comments. Brad Spengler wrote: > Tetsuo Handa wrote: > > Brad Spengler wrote: > > > Nice find, seems like the problem isn't just the exhaustion of the space > > > itself, but that a single non-root user can completely exhaust it with > > > no limitation (given enough RAM). There should be some per-user > > > resource limit for this (similar to RLIMIT_NPROC) or the space should be > > > made less rigid. > > > > > I posted a patch in the third message of that thread, but no response so far. > > I don't know whether we should allow 4294967296 names or not > > because more RAM will be consumed by attacker if more names are allowed. > > The max size for sun_path is considerably large; why couldn't we encode > the uid/namespace into it somehow and reduce the amount each user can > allocate? (conceptually it'd be something like, <namespace > uuid><uid><hex to operate on as previously>) The OOM killer needs to > make sure creators of large numbers of these get killed, but > implementing a per-user limit on this keeps it from turning into a DoS. Is it possible to make OOM killer to kill processes consuming kernel memory rather than userspace memory? I'm happy if OOM killer can select victim process based on both kernel memory usage and userspace memory usage. For example, opening a file requires kernel memory allocation (e.g. /sys/kernel/security/tomoyo/self_domain allocates 8KB of kernel memory). Therefore, I refuse allowing everybody to open that file even if the content is public (because an attacker would open /sys/kernel/security/tomoyo/self_domain as many as possible using fork() and open() in order to exhaust kernel memory). -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists