On Mon, Oct 08, 2018 at 01:00:01PM -0700, John Reiser wrote: > Allowing 1M open files per unprivileged process is too many. > > Megabytes of RAM are precious. A hard limit of 1M open files per process > allows each process to eat at least 256MB (1M * sizeof(struct file) > [linux/fs.h]) of RAM. If a single user is allowed 1000 processes, > then that's 256GB of RAM, which is a Denial-of-Service attack. AFAICT, the TCP receive buffer size is about 200 KB per socket. With the current nfile=4096, it looks like a single process can already consume 200 KB * 4096 = ~800 MB of RAM just by using TCP sockets. IOW, does the nfiles limit make a real world difference to avoiding memory DOS, if you can just pick a different DOS attack vector instead ? Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
