Date: Thu, 28 Jan 2016 08:45:57 +0800 From: Marcelo Araujo <araujobsdport@gmail.com> To: Mark Felder <feld@freebsd.org> Cc: freebsd-hackers@freebsd.org, Jan Bramkamp <crest@rlwinm.de> Subject: Re: syslogd(8) with OOM Killer protection Message-ID: <CAOfEmZjPQ0S=7espP0=MZV=4EbRDAmbw6k2b%2BJMV1iEEq=kJPg@mail.gmail.com> In-Reply-To: <1453923117.431542.504383322.05A41332@webmail.messagingengine.com> References: <CAOfEmZgzL2Ldu53CeSsKcUe00H1VAukhEopSUmpUK0=XAhsD1A@mail.gmail.com> <56A86D91.3040709@freebsd.org> <20160127072850.GG35911@ivaldir.etoilebsd.net> <CAAoTqfuVr_iXR=_AaGXTTGs20sfWeH76m3yDC-hvAL4kB9iKNA@mail.gmail.com> <56A89D7A.8080906@rlwinm.de> <1453923117.431542.504383322.05A41332@webmail.messagingengine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jan 28, 2016 3:32 AM, "Mark Felder" <feld@freebsd.org> wrote: > > > > On Wed, Jan 27, 2016, at 04:35, Jan Bramkamp wrote: > > > > I would prefer to implement the a flag keeping cron (and all other base > > system daemons) from double-forking and run it under a process > > supervisor like daemontools. > > > > There are complications preventing this from being possible in a clean > way with rc.subr (stop/status/etc will break), but if we were able to > solve them we could offer the ability to run anything we wanted under > daemon(8) with the -r flag which will automatically supervise and > restart the process if it dies. The idea is protect against OOM kill. IMHO anything that has auto restart can present a security issue to be exploited. I'm a bit pragmatic, but supervises and restart a daemon without human being intervention can create a security issue. Best, > > -- > Mark Felder > ports-secteam member > feld@FreeBSD.org > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOfEmZjPQ0S=7espP0=MZV=4EbRDAmbw6k2b%2BJMV1iEEq=kJPg>