> > People have actually tried this and my patch seems to
> > catch the hog just fine :)
>
> Any sufficiently well-coded bomb is indistinguishable from an innocent
> unattended package :-)
Which is why the solution is two-part:
* An OOM killer good enough to handle the "some process went insane"
case. From all accounts, Rik's patch does this well.
* Comprehensive per-uid resource accounting (the beancounting work)
to guard against malicious users. This would be great for 2.5
(but, of course, that was said about 2.3 as well..) A full
implementation would also fix DoSes against users using kernel
memory (network buffers, page table mappings) which is a lot
nastier than simple VM exhaustion.
-Mitch
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Mar 15 2000 - 21:00:30 EST