Any particular reason we don't have sshd oomprotected by default?

Reply: Robert Clausecker : "Re: Any particular reason we don't have sshd oomprotected by default?"
Reply: Philip Paeps : "Re: Any particular reason we don't have sshd oomprotected by default?"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Alexander Leidinger <Alexander_at_Leidinger.net>
Date: Thu, 09 Nov 2023 07:54:22 UTC

Hi,

We have syslogd oomprotected by default (/etc/defaults/rc.conf). Is 
there a particular reason we don't have sshd protected the same way?

Any objections if I would commit such a change (sshd_oomprotect=YES in 
defaults/rc.conf)?

I was also thinking about which other daemon we should protect by 
default, but apart from the need to make sure important logs are written 
to find issues which may have caused the oom trigger, and the need to be 
able to login to such a troubled system, I didn't see any other service 
as such critical (we could argue about ntpd, but I send to be on the 
"may be protected" (not for my use cases) and not to be on the "has to 
be protected" side) to include it in this proposal.

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild@FreeBSD.org  : PGP 0x8F31830F9F2772BF