On Tue, 10.05.11 02:17, Miloslav TrmaÄ (mitr@xxxxxxxx) wrote: > On Tue, May 10, 2011 at 1:33 AM, Lennart Poettering > <mzerqung@xxxxxxxxxxx> wrote: > > On Tue, 10.05.11 01:31, Miloslav TrmaÄ (mitr@xxxxxxxx) wrote: > > > >> > >> 2011/5/10 Stephen John Smoogen <smooge@xxxxxxxxx>: > >> > Let's make this simple: > >> > > >> > FAQ: How can I make my system unusable? How can I create a denial of service? > >> > > >> > Answer: On default systems there are multiple ways to do this, please > >> > choose one or more of the following: > >> > >> That's all true, on the other hand there are countermeasures > >> available; in larger organizations the countermeasures are documented, > >> configured on each system, and their presence is periodically > >> verified. > > > > Countermeasures for the /dev/shm issue? I don't know of any. tmpfs > > doesn't do quota. That's the key problem here. > > mount options, file permissions, SELinux. Perhaps not something that > you'd want to do on a general-purpose desktop, but quite reasonable > for a single-purpose server. No. mount options, file permissions, SELinux don't allow you to fix the quota issue with /dev/shm. On the current kernel /dev/shm cannot be secured properly. Lennart -- Lennart Poettering - Red Hat, Inc. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
