On Tue, 14 Mar 2000, Rik van Riel wrote:
> On Tue, 14 Mar 2000, James Sutherland wrote:
>
> > OK, a more intelligent malicious user could write code that
> > would find the biggest process currently running, then allocate
> > slightly less memory than it, then fork and repeat. Fixing this
> > would need per-user resource limits...
>
> This would be detected by my OOM patch since the hogs
> aren't running as long as the big simulation and haven't
> used as much CPU time...
Not necessarily the one big simulation case (that's easy :) but what about
a typical case? Say, a multi-user system, hundreds of user processes,
various sizes and CPU times. Now, I come along and run my "malloc() bomb",
BUT modified so it has a busy loop in. Allocating, say, 4K every second.
After a couple of hours, maybe a day or two, it has chewed up many hours
of CPU time, and many Mb of RAM. It then looks like a legitimate process,
and other things die :-)
> People have actually tried this and my patch seems to
> catch the hog just fine :)
Any sufficiently well-coded bomb is indistinguishable from an innocent
unattended package :-)
James.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Mar 15 2000 - 21:00:29 EST