Re: DOS by unprivileged user

[Ferry Toth]

Op vrijdag 20 april 2018 06:46:58 CEST schreef Mike Galbraith:
> On Thu, 2018-04-19 at 21:13 +0200, Ferry Toth wrote:
> > It appears any ordinary user can easily create a DOS on linux.
> > 
> > One sure way to reproduce this is to open gitk on the linux kernel repo 
> > (SIC) on a machine with 8GB RAM 16 GB swap on a HDD with btrfs and quad core 
> > + hyperthreading. But I will be easy enough to get the same effect with more 
> > RAM, other fs etc.
> > 
> > In this case gitk allocates more and more memory (until my system freezes 
> > 6.5GB of 7.5GB avaiable), the system starts swapping or writing to tmp files 
> > (can't investigate as there is no time until it freezes) and the io wait 
> > goes to 100% on all cores. At this point it is impossible to login from 
> > remote and local keyboard and mouse are frozen. Hard reset is the only way 
> > out at this point.
> 
> datapoint: my i4790/ext4 box running master.yesterday booted mem=8G
> became highly unpleasant to use, but I retained control, and the all
> cores going to 100% thing did not happen at any time.
> 
> I didn't try constraining on the gitk user, just turned it loose a few
> times to see if it managed to render box effectively dead.  It failed
> to kill my box, but (expectedly) did make it suck rocks.
> 
> 	-Mike
> 

Yes, might be less dramatic with ext4 than with btrfs (COW icw fsync on hdd's destroys performance 
of things like virtualbox, databases, dpkg).

Nevertheless I feel one process should not be allowed to harm other processes by denying them resources. Even if when btrfs makes it easy abuse I think the scheduler should have throttled gitk.