Re: Simple DoS...out of resources?

Mikulas Patocka (mikulas@artax.karlin.mff.cuni.cz)
Tue, 9 Mar 1999 12:00:04 +0100 (CET)


> > I already thought of it and I think that linux _should_ be more protected
> > against such kind of attacks. A simple solution: If there's no swap space,
> > the kernel should count which user is taking most memory and kill some his
> > processes; not just kill the first process that actually wants memory over
> > limit.
>
> Would you like it if you were that user and the kernel decided to kill
> some of your processes ? I'm sure I wouldn't :)

I wouldn't like to be an admin whose daemons die because some luser has a
memory leak in his program. :) (note that only browsing with netscape
crashed my computer few times because of java applets alocating more &
more memory)

Anyway, if the user takes less memory than
((amount of memory+swap)/number of active users), his processes won't get
killed. And if he allocates more, he does it at his own risk.

> Also, I thought the process that requests the over-the-limit memory isn't
> 'killed'. Surely the memory allocation routine fails. Making the user
> program take action.

In many cases allocation fails, but sometimes the process could get SIGBUS
or something like it. But it makes no difference - programs die if they
can't allocate memory; "better" programs write something like "out of
memory, terminating", worse programs work with NULL pointer and crash on
SIGSEGV.

Mikulas Patocka

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/