Date:      Thu, 6 Sep 2001 20:25:20 -0400
From:      Steve Shorter <steve@nomad.lets.net>
To:        D J Hawkey Jr <hawkeyd@visi.com>
Cc:        steve@nomad.tor.lets.net, freebsd-security@freebsd.org
Subject:   Re: when mail full  /tmp partition, system cracked
Message-ID:  <20010906202520.B44397@nomad.lets.net>
In-Reply-To: <20010906170731.A18984@sheol.localdomain>; from hawkeyd@visi.com on Thu, Sep 06, 2001 at 05:07:31PM -0500
References:  <20010906170731.A18984@sheol.localdomain>

On Thu, Sep 06, 2001 at 05:07:31PM -0500, D J Hawkey Jr wrote:

> Is "the largest process" selective, to some degree or another? That is,
> will it (can it?) discern a "more valuable" process from a "lesser one"?
> 
> Can it be told to kill off the last process started, as opposed to the
> largest? I myself would find this preferable in many cases.

	Actually, I was running a process that was killed because
it was largest, but this process happened to be essential to the
system function. It is easy to modify the kernel source to be more
selective. I choose to kill only processes with uid > somenumber,
since in the context of my particular system, I trust those processes
not to hose it and/or have set appropriate resource limits.

Check out the source in sys/vm/vm_pageout.c around

			if ((p->p_flag & P_SYSTEM) || (p->p_lock > 0) ||
			    (p->p_pid == 1) ||
			    ((p->p_pid < 48) && (vm_swap_size != 0))) {
				continue;
			}

	You need to search for the definitions of struct proc (which p points
to) in /usr/include/sys/proc.h.

	Enjoy your kernel hacking!

	-steve
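
The uid filter described in the message, as an added example that is not part of the original e-mail or the FreeBSD source: a userland C model of the victim scan. The struct mproc type, its uid and size fields, the P_SYSTEM value, pick_victim and the sample table are assumptions made for illustration; only the exemption condition comes from the quoted kernel code.

```c
#include <stddef.h>
#include <stdio.h>

#define P_SYSTEM 0x1   /* stand-in value for this model, not the kernel's */

struct mproc {         /* mock of the struct proc fields the scan reads */
    int p_pid, p_flag, p_lock;
    long uid;          /* assumption: owner uid flattened into the struct */
    size_t size;       /* assumption: memory footprint, precomputed */
};

/* Pick the largest eligible process; NULL if all are protected.
 * min_uid < 0 disables the uid filter (the unmodified behaviour). */
const struct mproc *
pick_victim(const struct mproc *tab, size_t n, long vm_swap_size, long min_uid)
{
    const struct mproc *big = NULL;
    for (size_t i = 0; i < n; i++) {
        const struct mproc *p = &tab[i];
        /* Exemptions from the condition quoted in the message. */
        if ((p->p_flag & P_SYSTEM) || (p->p_lock > 0) ||
            (p->p_pid == 1) ||
            ((p->p_pid < 48) && (vm_swap_size != 0)))
            continue;
        /* Added policy: only processes with uid > min_uid may be killed. */
        if (min_uid >= 0 && p->uid <= min_uid)
            continue;
        if (big == NULL || p->size > big->size)
            big = p;
    }
    return big;
}

/* Constructed sample process table. */
const struct mproc sample[] = {
    { 1,   0,        0, 0,    200   },  /* init */
    { 5,   P_SYSTEM, 0, 0,    0     },  /* system process */
    { 212, 0,        0, 0,    90000 },  /* essential root daemon, largest */
    { 640, 0,        0, 1001, 30000 },  /* user process */
    { 655, 0,        0, 1002, 45000 },  /* user process */
};

int main(void)
{
    const struct mproc *v = pick_victim(sample, 5, 1, -1);
    printf("unmodified scan kills pid %d\n", v ? v->p_pid : -1);
    v = pick_victim(sample, 5, 1, 1000);
    printf("uid > 1000 scan kills pid %d\n", v ? v->p_pid : -1);
    return 0;
}
```

When every process is exempt the function returns NULL, so a threshold set above all running uids leaves the scan with nothing to kill.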

