On 08/10/18 16:43, John Reiser wrote: > On 10/8/18 2026 UTC, Zebediah Figura wrote: >> On 08/10/18 2000 UTC, John Reiser wrote: >>> Allowing 1M open files per unprivileged process is too many. >>> >>> Megabytes of RAM are precious. A hard limit of 1M open files per >>> process >>> allows each process to eat at least 256MB (1M * sizeof(struct file) >>> [linux/fs.h]) of RAM. If a single user is allowed 1000 processes, >>> then that's 256GB of RAM, which is a Denial-of-Service attack. >>> >>> Yes, 4096 open files is not enough. Raise it to 65536. >>> >> >> Correct me if I'm wrong, but wouldn't this be capped by the system-wide >> limit (i.e. it would hit ENFILE) before presenting a problem? > > That means that a different DoS can happen even sooner, > at (ENFILE / 1M) processes. No other process could open() a file. Sure, but in order to prevent that you'd almost always need to *lower* NOFILE. I don't know what kind of policies Fedora (or any other distribution) has regarding this kind of attack mitigation, but it seems dubious to me that this is worth doing. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
