-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/05/2011 04:38 PM, Gregory Maxwell wrote: > On Wed, Jan 5, 2011 at 4:13 PM, Adam Jackson <ajax@xxxxxxxxxx> wrote: >> But prevention of DoS on the part of local actors is just not a game you >> can win. If nothing else, remember that the way Linux implements >> malloc() assumes you have infinite memory, which means you overcommit >> resources, which means failure happens. You can write code that > [snip] > > # echo 2 > /proc/sys/vm/overcommit_memory > # echo 0 > /proc/sys/vm/overcommit_ratio > > :) > > (and good luck with that!) BTW SELinux confined users and cgroups can help somewhat control those nasty students, but stopping a DOS will still be difficult. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk0k5r8ACgkQrlYvE4MpobNkVgCgn1WVRz2Hh+SfFJpGRm9uAPNR gSoAniwmk0GOsK4igotX08b/MgnBqhqa =EFCr -----END PGP SIGNATURE----- -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
