On Fri, 4 Jan 2008, Dag-Erling Smørgrav wrote:

> Robert Watson <rwatson_at_FreeBSD.org> writes:
>> Dag-Erling Smørgrav <des_at_des.no> writes:
>>> Robert Watson <rwatson_at_FreeBSD.org> writes:
>>>> The right answer is presumably to introduce a new LIMIT_SWAP, which
>>>> limits the allocation of anonymous memory by processes, and size it to
>>>> something like 90% of swap space by default.
>>> Not a good solution on its own. You need a per-process limit as well,
>>> otherwise a malloc() bomb will still cause other processes to fail
>>> randomly.
>> That was what I had in mind, the above should read RLIMIT_SWAP.
>
> You don't want the default to be so high. You want a low default, with the
> possibility for the admin to increase the limit for a particular user in
> login.conf or similar without rebooting (which is currently not possible
> since the default datasize == maxdsiz, which can only be changed in the
> kernel config or loader.conf)

I'm fine with also having global limits.

> You may also want to have a collective limit for unprivileged users, so root
> will still be able to log in if something goes wrong.

This will presumably only work for console logins, as sshd (etc) will depend
on unprivileged users, but perhaps that is fine. I'm less concerned with the
details of the implementation or policy than that we simply be able to
support even a basic policy and have it configured by default to prevent
foot-shooting.

Robert N M Watson
Computer Laboratory
University of Cambridge

Received on Fri Jan 04 2008 - 12:26:38 UTC
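The per-process limit argued for in the thread, as an added example that is not code from the thread or from FreeBSD: since the proposed RLIMIT_SWAP does not exist, the example applies the existing RLIMIT_AS (RLIMIT_VMEM on FreeBSD) to a forked child that runs a runaway allocation loop, showing the loop being stopped while the parent stays unconstrained. The 256 MiB cap and 16 MiB chunk size are arbitrary constructed values.

```c
/* Added example: a per-process address-space limit stopping a malloc() bomb.
 * RLIMIT_AS stands in for the RLIMIT_SWAP discussed on the list. */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/resource.h>
#include <sys/wait.h>

#define CHUNK (16UL * 1024 * 1024)   /* 16 MiB per allocation (constructed) */

/* Runs an allocation loop in a child capped at `limit` bytes of address
 * space. Returns the bytes the child obtained before malloc() failed, or
 * -1 on error. The limit is set only in the child, so the caller keeps
 * its own limits: this is the "other processes keep working" property. */
long allocate_until_limit(unsigned long limit)
{
    int fd[2];
    if (pipe(fd) == -1)
        return -1;
    pid_t pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {                          /* child: the constrained bomb */
        close(fd[0]);
        struct rlimit rl = { limit, limit }; /* soft and hard limit */
        if (setrlimit(RLIMIT_AS, &rl) == -1)
            _exit(1);
        unsigned long total = 0;
        while (malloc(CHUNK) != NULL)        /* leak on purpose: runaway growth */
            total += CHUNK;                  /* loop ends when the kernel refuses */
        if (write(fd[1], &total, sizeof total) != (ssize_t)sizeof total)
            _exit(1);
        _exit(0);
    }
    close(fd[1]);                            /* parent: collect the result */
    unsigned long total = 0;
    ssize_t n = read(fd[0], &total, sizeof total);
    close(fd[0]);
    int status;
    waitpid(pid, &status, 0);
    if (n != (ssize_t)sizeof total || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    return (long)total;
}

int main(void)
{
    unsigned long cap = 256UL * 1024 * 1024;
    long got = allocate_until_limit(cap);
    printf("child allocated %ld of a %lu byte cap before malloc() failed\n", got, cap);
    return (got > 0 && (unsigned long)got <= cap) ? 0 : 1;
}
```

The child's total comes out a little under the cap because its existing mappings (text, stack, libc) count against RLIMIT_AS too; without the limit the same loop would run until the system, not the process, ran out of memory.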