From owner-freebsd-hackers@freebsd.org Thu Jan 28 00:45:58 2016 Return-Path: Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EEC88A6F7B7 for ; Thu, 28 Jan 2016 00:45:58 +0000 (UTC) (envelope-from araujobsdport@gmail.com) Received: from mail-ob0-x232.google.com (mail-ob0-x232.google.com [IPv6:2607:f8b0:4003:c01::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B449C1BC5; Thu, 28 Jan 2016 00:45:58 +0000 (UTC) (envelope-from araujobsdport@gmail.com) Received: by mail-ob0-x232.google.com with SMTP id is5so22700463obc.0; Wed, 27 Jan 2016 16:45:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=F1FLkobK2BbK5FX3fZtuJSrbilSvMEswhi92vhyAD2w=; b=sdsbTSQWNtENmOp0QEOOoebu+rI7joT0bvtE5nQP0arxoa5xhU83WCLZ9k8axxcFj8 AOkxPUjv8DLvrPUOSIj1eNlI9bGNYjLXKoXo4pEKcaGrs92hgM+pjAOT8tczmBlxYoaK 5wWdoNOMpK2HWrA++E3Xu4CEH7m/ymxrrs2N/T73pZuSNuKqqlm/tCo2GHE2wXOR/f87 iPUmmsGC5pTlvEbtp/PG4AS7ct5zBak89cQZS9Ew8sNoDrGsEixYR/RYlsl+Q2LyF1jh Wz2CsUzD4OF1tGXq3jM/bUbbuzVSqdOJ5nyP9tIkunyIdAOGcsOzKUydPyWKFZgqoniK M5kw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:reply-to:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=F1FLkobK2BbK5FX3fZtuJSrbilSvMEswhi92vhyAD2w=; b=bYmgZv9YwoCKARsfyd4XWx5Sepbi+puB0+h0Vf1a4nBuRT4gjmkiFbxq9MJWIns5q+ 5AegDASyQsJW5aeZyE56c9xRqvWreE1/R8mc9oisdJ9Dr+UA7baxOUune3tE+MFRso2W /Vq560rvnf4e5cOpPjcTLrhKBeGXI53JBwTCBP7BeES7+k98KFBUy8weyj93KV6VlmuJ skpewhhI+VJEq/shzUtjkCz07Ak0pEMb+IRBDqzzXjZKIWGjGvqg6meoIjho/i3OIcYE XPZso04SbLgR3YrntNWf1LKTfQP7xytJMyGSaqRpEyHYByllPfW4Fdhkb3Oo3Cmxc0wk xDQg== X-Gm-Message-State: AG10YOTHk7Ii/7+W9pS+UzCnH/c6vCp+9g3c1kt57AF69Tvrd5JoZg5Dxxtdu4feXTcDCn77AyH06TMJ8PpIOg== MIME-Version: 1.0 X-Received: by 10.182.133.37 with SMTP id oz5mr153386obb.16.1453941957936; Wed, 27 Jan 2016 16:45:57 -0800 (PST) Received: by 10.182.40.194 with HTTP; Wed, 27 Jan 2016 16:45:57 -0800 (PST) Received: by 10.182.40.194 with HTTP; Wed, 27 Jan 2016 16:45:57 -0800 (PST) Reply-To: araujo@FreeBSD.org In-Reply-To: <1453923117.431542.504383322.05A41332@webmail.messagingengine.com> References: <56A86D91.3040709@freebsd.org> <20160127072850.GG35911@ivaldir.etoilebsd.net> <56A89D7A.8080906@rlwinm.de> <1453923117.431542.504383322.05A41332@webmail.messagingengine.com> Date: Thu, 28 Jan 2016 08:45:57 +0800 Message-ID: Subject: Re: syslogd(8) with OOM Killer protection From: Marcelo Araujo To: Mark Felder Cc: freebsd-hackers@freebsd.org, Jan Bramkamp Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Jan 2016 00:45:59 -0000 On Jan 28, 2016 3:32 AM, "Mark Felder" wrote: > > > > On Wed, Jan 27, 2016, at 04:35, Jan Bramkamp wrote: > > > > I would prefer to implement the a flag keeping cron (and all other base > > system daemons) from double-forking and run it under a process > > supervisor like daemontools. > > > > There are complications preventing this from being possible in a clean > way with rc.subr (stop/status/etc will break), but if we were able to > solve them we could offer the ability to run anything we wanted under > daemon(8) with the -r flag which will automatically supervise and > restart the process if it dies. The idea is protect against OOM kill. IMHO anything that has auto restart can present a security issue to be exploited. I'm a bit pragmatic, but supervises and restart a daemon without human being intervention can create a security issue. Best, > > -- > Mark Felder > ports-secteam member > feld@FreeBSD.org > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"