lør, 19.03.2005 kl. 15.48 skrev Konstantin Ryabitsev: > On Sat, 19 Mar 2005 15:20:50 +0100, Kyrre Ness Sjobak > <kyrre@xxxxxxxxxxxxxxxxxx> wrote: > > But bugs in (preinstalled) system software has also been known to cause > > a resource exhaustion. I had cups do this to me once (try sending a 400 > > mb postscript to gimpprint on a 128 MB RAM computer), or print to a > > remote machine called "localhost" - thats effectively a forkbomb... > > No, that's a computer with not enough memory. :) We have an OOM-killer > for such cases. A "denial of service" that results when someone tries > to run a large application with insufficient system resources is not a > security concern -- it's a feature. It's the same as trying to buy a > BMW when you only have enough money for a used Ford -- you'll get a > denial of service from the dealership, too. ;) > OOMkiller? I have lost all faith in that #"!%¤#%¤#... Situation: You have: 1. ghostscript, eating about all RAM and all SWAP (a 128 MB computer is configured with a helluva lot of swap, and it probably has a slow disk to, so getting *there* took a while...) 2. gnome-panel 3. gaim 4. a buch of other small tray applets etc. Which three++ did you think OOM killed? > Besides, you can't ulimit a process running as root anyway. Can you? Never tried.
