> > > Hi,
> > > > It is very easy to crash a system simply by viewing a large file with
> > > > editor such as pico. It will eat up all the resources and do some
> > > > unpredictible things. In my case I viewed a 100mb file as it was reading
> > > > it, it filled up all the swap space which is 48mb. It killed most of the
> > > > processes including sendmail, sshd, X, syslog. Does anyone have any idea
> > > > how can i protect myself against that kind of DoS? My configuration:
> > > > P100, 48mb ram, 48mb swap running on kernel 2.2.2.
> > > You need to set user resource limits. This isn't a kernel problem. See
> > > the "ulimit" command if you use bash. Other shells probably use a different
> > > command.
> > As a side note, the new versions of the linux shadow suite
> > support the /etc/limits command to force limits on users, and I
> > believe the RedHat PAM package has a similiar option..
> I already thought of it and I think that linux _should_ be more protected
> against such kind of attacks. A simple solution: If there's no swap space,
> the kernel should count which user is taking most memory and kill some his
> processes; not just kill the first process that actually wants memory over
> limit.
Would you like it if you were that user and the kernel decided to kill
some of your processes ? I'm sure I wouldn't :)
Also, I thought the process that requests the over-the-limit memory isn't
'killed'. Surely the memory allocation routine fails. Making the user
program take action.
Then again, I'm not awake yet..
Does this seem right?
d.
_____________________________________________________________
| Dave 'Barc0de' Jones. (Paranoid wierdo noize making geek) |
| barc0de@digital-corruption.net http://I.Am/PureHatred |
|_____________________________________________________________|
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/