Local system security

Daniel J Walsh dwalsh at redhat.com
Wed Jan 5 21:46:39 UTC 2011


On 01/05/2011 04:38 PM, Gregory Maxwell wrote:
> On Wed, Jan 5, 2011 at 4:13 PM, Adam Jackson <ajax at redhat.com> wrote:
>> But prevention of DoS on the part of local actors is just not a game you
>> can win.  If nothing else, remember that the way Linux implements
>> malloc() assumes you have infinite memory, which means you overcommit
>> resources, which means failure happens.  You can write code that
> [snip]
> 
> # echo 2 > /proc/sys/vm/overcommit_memory
> # echo 0 > /proc/sys/vm/overcommit_ratio
> 
> :)
> 
> (and good luck with that!)
BTW SELinux confined users and cgroups can help somewhat control those
nasty students, but stopping a DoS will still be difficult.
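The two settings quoted above select strict commit accounting with a ratio of zero. As an added example (not part of the original thread), this shell sketch computes the resulting commit limit from meminfo-style text; the function names and sample figures are constructed, and it ignores `overcommit_kbytes` and the kernel's reserve settings.

```shell
#!/bin/sh
# Added example: commit limit enforced when vm.overcommit_memory=2.
# Formula from the kernel's overcommit accounting documentation:
#   CommitLimit = (MemTotal - hugetlb) * overcommit_ratio / 100 + SwapTotal
# Assumption: overcommit_kbytes and the admin/user reserves are not modelled.

# Constructed sample, not from a real host: 8 GiB RAM, 2 GiB swap,
# 3 GiB of address space already committed.
SAMPLE_MEMINFO='MemTotal:        8388608 kB
SwapTotal:       2097152 kB
Committed_AS:    3145728 kB
HugePages_Total:       0
Hugepagesize:       2048 kB'

# commit_limit_kb MEMINFO_TEXT RATIO -> commit limit in kB
commit_limit_kb() {
    printf '%s\n' "$1" | awk -v ratio="$2" '
        $1 == "MemTotal:"        { mem = $2 }
        $1 == "SwapTotal:"       { swap = $2 }
        $1 == "HugePages_Total:" { hp = $2 }
        $1 == "Hugepagesize:"    { hps = $2 }
        END { printf "%d\n", int((mem - hp * hps) * ratio / 100) + swap }'
}

# headroom_kb MEMINFO_TEXT RATIO -> kB still committable.
# A negative result means the workload already exceeds the limit, so new
# allocations (and fork) would start failing with ENOMEM.
headroom_kb() {
    limit=$(commit_limit_kb "$1" "$2")
    committed=$(printf '%s\n' "$1" | awk '$1 == "Committed_AS:" { print $2 }')
    echo $((limit - committed))
}

# Compare the quoted ratio (0) with the kernel default (50).
for ratio in 0 50; do
    echo "ratio=$ratio limit_kb=$(commit_limit_kb "$SAMPLE_MEMINFO" "$ratio")" \
         "headroom_kb=$(headroom_kb "$SAMPLE_MEMINFO" "$ratio")"
done

# On a live system (assumption: a Linux /proc is mounted):
#   commit_limit_kb "$(cat /proc/meminfo)" "$(cat /proc/sys/vm/overcommit_ratio)"
```

With a ratio of 0 the limit collapses to swap alone, so the sample host is already over its limit; the setting trades overcommit-driven failures for immediate allocation failures rather than removing the local DoS problem.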

