pipe() resource exhaustion
Eduardo Morras
emorrasg at yahoo.es
Tue Apr 8 10:59:36 UTC 2014
On Mon, 7 Apr 2014 07:25:22 -0500
Mark Felder <feld at freebsd.org> wrote:
> On 2014-04-07 06:02, Ivan Voras wrote:
> > Hello,
> >
> > Last time I mentioned this it didn't get any attention, so I'll try
> > again. By accident (via a buggy synergy server process) I found
> > that a simple userland process can exhaust kernel pipe memory
> > (kern.ipc.pipekva
> > sysctl) which as a consequence has that new processes which use pipe
> > cannot be started, which includes "su", by which an administrator
> > could kill such a process.
> >
>
> That's a pretty painful local denial of service :(
Yes it is. Perhaps there should be 8% fd reserved for root, su and setuid family syscalls like in filesystem space or postgresql reserved connections for db admin.
--- ---
Eduardo Morras <emorrasg at yahoo.es>
More information about the freebsd-hackers
mailing list