Re: [PATCH] Reserve N process to root

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Al Boldi <a1426z@...>

Cc: LKML Kernel <linux-kernel@...>, <g@...>, Valdis Kletnieks <Valdis.Kletnieks@...>

Subject: Re: [PATCH] Reserve N process to root

Date: Thursday, October 11, 2007 - 10:42 pm

Please don't trim CC lists

On Oct 11, 2007, at 17:02:37, Al Boldi wrote:
quoted text> David Newall wrote:
>> Valdis.Kletnieks@vt.edu wrote:
>>> What David meant was that "root will always have a slot" doesn't  
>>> *actually* help unless you *also* have a way to actually *spawn*  
>>> such a process.  In order to do the ps, kill, and so on that you  
>>> need to recover, you need to already have either a root shell  
>>> available, or a way to *get* a root shell that doesn't rely on a  
>>> non-root process (so /bin/su doesn't help here).
>>
>> That's right, although it's worse than that.  You need to have a  
>> process with CAP_SYS_ADMIN.  If root processes normally have that  
>> capability then the reserved slots may well disappear before you  
>> notice a problem.  If root processes normally don't have it, then  
>> you need to guarantee that one is already running.
>
> I once posted a patch to handle this DoS, but, as usual, it wasn't  
> accepted.  Go figure...

This isn't really necessary any more with the new CFS scheduler.  If  
you want to prevent excess memory usage then you limit memory usage,  
not process count, so just set the system max process count to  
something absurdly high and leave the user counts down at the maximum  
a user might run.  Then as long as the sum of the user processes is  
less than the max number of processes (which you just set absurdly  
high or unlimited), you may still log in.  With the per-user  
scheduling enabled CFS allows you to run an optimistically-real-time  
game as one user and several thousand busy-loops as another user and  
get almost picture perfect 50% CPU distribution between the users.   
To me that seems a much better DoS-prevention system than limits  
which don't scale based on how many people are requesting resources.

Cheers,
Kyle Moffett

-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: [PATCH] Reserve N process to root, Al Boldi, (Thu Oct 11, 5:02 pm)

Re: [PATCH] Reserve N process to root, Kyle Moffett, (Thu Oct 11, 10:42 pm)

Re: [PATCH] Reserve N process to root, Al Boldi, (Fri Oct 12, 1:37 am)

Re: [PATCH] Reserve N process to root, Kyle Moffett, (Fri Oct 12, 1:49 am)

Re: [PATCH] Reserve N process to root, Al Boldi, (Fri Oct 12, 2:29 am)

Re: [PATCH] Reserve N process to root, Gustavo Chain, (Fri Oct 12, 9:34 pm)

Re: [PATCH] Reserve N process to root, Al Boldi, (Sat Oct 13, 1:01 am)


linux-kernel:
Sunil Naidu	Re: Linux 2.6.20-rc6
Alan Cox	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Chris Snook	Re: init's children list is long and slows reaping children.
Greg Kroah-Hartman	[PATCH 001/196] Chinese: Add the known_regression URI to the HOWTO
git:

openbsd-misc:

linux-netdev:
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
David Miller	[GIT]: Networking
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
Eric W. Biederman	Re: [PATCH 10/11] avoid kobject name conflict with different namespaces

Re: [PATCH] Reserve N process to root

Online users