Date: Thu, 6 Sep 2001 20:25:20 -0400 From: Steve Shorter <steve@nomad.lets.net> To: D J Hawkey Jr <hawkeyd@visi.com> Cc: steve@nomad.tor.lets.net, freebsd-security@freebsd.org Subject: Re: when mail full /tmp partition, system cracked Message-ID: <20010906202520.B44397@nomad.lets.net> In-Reply-To: <20010906170731.A18984@sheol.localdomain>; from hawkeyd@visi.com on Thu, Sep 06, 2001 at 05:07:31PM -0500 References: <20010906170731.A18984@sheol.localdomain>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Sep 06, 2001 at 05:07:31PM -0500, D J Hawkey Jr wrote: > Is "the largest process" selective, to some degree or another? That is, > will it (can it?) discern a "more valuable" process from a "lesser one"? > > Can it be told to kill off the last process started, as opposed to the > largest? I myself would find this preferable in many cases. Actually, I was running a process that was killed because it was largest, but this process happened to be essential to the system function. It is easy to modify the kernel source to be more selective. I choose to kill only processes with uid > somenumber, since in the context of my particular system, I trust those processes not to hose it and/or have set appropriate resource limits. Check out the source in sys/vm/vm_pageout.c around if ((p->p_flag & P_SYSTEM) || (p->p_lock > 0) || (p->p_pid == 1) || ((p->p_pid < 48) && (vm_swap_size != 0))) { continue; } You need to search for the definitions of struct proc (which p points to) in /usr/include/sys/proc.h. Enjoy your kernel hacking! -steve To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010906202520.B44397>