-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/05/2011 04:38 PM, Gregory Maxwell wrote:
On Wed, Jan 5, 2011 at 4:13 PM, Adam Jackson <ajax(a)redhat.com>
wrote:
> But prevention of DoS on the part of local actors is just not a game you
> can win. If nothing else, remember that the way Linux implements
> malloc() assumes you have infinite memory, which means you overcommit
> resources, which means failure happens. You can write code that
[snip]
# echo 2 > /proc/sys/vm/overcommit_memory
# echo 0 > /proc/sys/vm/overcommit_ratio
:)
(and good luck with that!)
BTW SELinux confined users and cgroups can help somewhat
control those
nasty students, but stopping a DOS will still be difficult.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org/
iEYEARECAAYFAk0k5r8ACgkQrlYvE4MpobNkVgCgn1WVRz2Hh+SfFJpGRm9uAPNR
gSoAniwmk0GOsK4igotX08b/MgnBqhqa
=EFCr
-----END PGP SIGNATURE-----