From: Eygene Ryabinkin
To: G Hasse
Cc: freebsd-security@freebsd.org
Date: Fri, 6 Apr 2007 18:23:21 +0400
Subject: Re: The best way to protect against starvation?
Message-ID: <20070406142321.GC11667@twilight.grid.kiae.ru>
In-Reply-To: <20070406145008.GA88336@mail.raditex.se>

Göran, good day.

Fri, Apr 06, 2007 at 04:50:08PM +0200, G Hasse wrote:
> If an ordinary user runs:
>
> -- snip --
> cat > starv.c <<EOF
> main(){ char *point; while(1) { point = ( char * ) malloc(10000); }}
> EOF
> cc starv.c
> while true
> do
> ./a.out &
> done
> -- snip --
>
> This will quickly starve the operating system (FreeBSD 6.2).

Yep, the combined malloc/fork bomb.

> I have tried to
> limit the number of processes and the amount of memory consumed (in
> login.conf).

And had any success? I happen to run some servers for schoolboys --
they like to do the bombing, and I had partial success with 'maxproc',
'memoryuse' and '{data,stack}size'. But even with tight limits that
just barely let people get 'man ' to work, three of four students can
starve the server of resources (though the server is rather old and has
some 64 Mb of memory).

Having per-group cumulative restrictions in login.conf would mitigate
the issue, but still, the united efforts of many people from different
groups can provoke starvation.

> There is also a file /etc/malloc.conf - but I don't understand if this
> could help? Any advice?

'man malloc.conf', but in short, this will not help you much with
this issue.
--
Eygene
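
Added example, not part of the original message: a Python audit of a login.conf class that shows why per-user 'maxproc' and '{data,stack}size' limits still let a handful of users exhaust a small server. The class name, its values and the model (each process may grow to datasize + stacksize; swap and kernel memory ignored) are assumptions constructed for illustration.

```python
import re

# Constructed sample in /etc/login.conf syntax; class name and values are made up.
SAMPLE = r"""
student|Constructed class for student shell accounts:\
    :maxproc=8:\
    :memoryuse=3m:\
    :datasize=2m:\
    :stacksize=1m:\
    :tc=default:
"""
UNITS = {"": 1, "b": 512, "k": 1024, "m": 1024**2, "g": 1024**3, "t": 1024**4}
UNLIMITED = {"unlimited", "infinity", "inf"}
REQUIRED = ("maxproc", "memoryuse", "datasize", "stacksize")

def parse_class(text, name):
    """Return {capability: value} for one class; tc= inheritance is not followed."""
    for record in text.replace("\\\n", "").splitlines():
        fields = [f.strip() for f in record.split(":")]
        if not record.lstrip().startswith("#") and name in fields[0].split("|"):
            return dict(f.split("=", 1) for f in fields[1:] if "=" in f)
    raise KeyError(name)

def to_bytes(value):
    """Convert a login.conf size such as '2m' or '512k' to bytes (None = no limit)."""
    v = value.strip().lower()
    if v in UNLIMITED:
        return None
    m = re.fullmatch(r"(\d+)([bkmgt]?)", v)
    if m is None:
        raise ValueError(f"not a size: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def audit(caps, ram_bytes):
    """Report unbounded limits, the per-user ceiling, and users needed to fill RAM."""
    missing = [c for c in REQUIRED if caps.get(c, "unlimited").lower() in UNLIMITED]
    if missing:
        return {"missing": missing, "per_user": None, "users_to_fill_ram": None}
    # Assumed model: each process can grow to datasize + stacksize.
    per_user = int(caps["maxproc"]) * (to_bytes(caps["datasize"]) + to_bytes(caps["stacksize"]))
    return {"missing": [], "per_user": per_user,
            "users_to_fill_ram": -(-ram_bytes // per_user)}  # ceiling division

if __name__ == "__main__":
    print(audit(parse_class(SAMPLE, "student"), 64 * 1024**2))
```

With these constructed values one user can reach 24 MiB, so three users acting together exceed a 64 MiB machine, which is the gap that per-user limits alone leave open.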