sbrk(2) broken
Robert Watson
rwatson at FreeBSD.org
Fri Jan 4 05:26:38 PST 2008
On Fri, 4 Jan 2008, Dag-Erling Smørgrav wrote:
> Robert Watson <rwatson at FreeBSD.org> writes:
>> Dag-Erling Smørgrav <des at des.no> writes:
>>> Robert Watson <rwatson at FreeBSD.org> writes:
>>>> The right answer is presumably to introduce a new LIMIT_SWAP, which
>>>> limits the allocation of anonymous memory by processes, and size it to
>>>> something like 90% of swap space by default.
>>> Not a good solution on its own. You need a per-process limit as well,
>>> otherwise a malloc() bomb will still cause other processes to fail
>>> randomly.
>> That was what I had in mind, the above should read RLIMIT_SWAP.
>
> You don't want the default to be so high. You want a low default, with the
> possibility for the admin to increase the limit for a particular user in
> login.conf or similar without rebooting (which is currently not possible
> since the default datasize == maxdsiz, which can only be changed in the
> kernel config or loader.conf).
I'm fine with also having global limits.
> You may also want to have a collective limit for unprivileged users, so root
> will still be able to log in if something goes wrong.
This will presumably only work for console logins, as sshd (etc) will depend
on unprivileged users, but perhaps that is fine. I'm less concerned with the
details of the implementation or policy than that we simply be able to support
even a basic policy and have it configured by default to prevent
foot-shooting.
Robert N M Watson
Computer Laboratory
University of Cambridge
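Added example, not part of the thread: a small C program that shows the effect of the per-process limit Dag-Erling argues for. Since the proposed RLIMIT_SWAP does not exist, it uses the existing RLIMIT_AS (total address space) as the nearest stand-in; the function names cap_address_space and try_allocate and the 256 MB figure are this example's own choices.

```c
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/resource.h>

/* Cap this process's address space at `bytes`. Only the soft limit is
 * lowered, and never above the existing hard limit, so an unprivileged
 * process can apply it to itself. Returns 0 on success, -1 on error. */
int cap_address_space(rlim_t bytes) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_AS, &rl) != 0)
        return -1;
    if (rl.rlim_max != RLIM_INFINITY && bytes > rl.rlim_max)
        bytes = rl.rlim_max;            /* cannot raise the soft limit above the hard one */
    rl.rlim_cur = bytes;
    return setrlimit(RLIMIT_AS, &rl);
}

/* Attempt one allocation of `bytes`. Returns 1 if malloc() succeeded
 * (the block is freed again), 0 if it failed. With a per-process limit
 * in place the failure lands here, in the greedy process, rather than
 * in some unrelated process that happens to run out of swap later. */
int try_allocate(size_t bytes) {
    void *p = malloc(bytes);
    if (p == NULL)
        return 0;
    free(p);
    return 1;
}

int main(void) {
    if (cap_address_space((rlim_t)256 << 20) != 0) {   /* 256 MB, chosen for the demo */
        perror("setrlimit(RLIMIT_AS)");
        return 1;
    }
    /* A modest request still works under the limit ... */
    printf("1 MB allocation: %s\n", try_allocate((size_t)1 << 20) ? "ok" : "failed");
    /* ... while a "malloc bomb"-sized request fails in this process only. */
    int big = try_allocate((size_t)1 << 30);
    printf("1 GB allocation: %s (errno=%d)\n", big ? "ok" : "failed", big ? 0 : errno);
    return 0;
}
```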