On 2018-11-07, Daniel Colascione <dancol@xxxxxxxxxx> wrote: > On Wed, Nov 7, 2018 at 4:00 PM, Michal Hocko <mhocko@xxxxxxxxxx> wrote: > > On Wed 07-11-18 15:48:20, Daniel Colascione wrote: > >> On Tue, Nov 6, 2018 at 1:05 PM, Michal Hocko <mhocko@xxxxxxxxxx> wrote: > >> > otherwise anybody could simply DoS the system > >> > by consuming all available pids. > >> > >> People can do that today using the instrument of terror widely known > >> as fork(2). The only thing standing between fork(2) and a full process > >> table is RLIMIT_NPROC. > > > > not really. > > What else, besides memory consumption and (as you mention below) > cgroups? In practice, nobody uses RLIMIT_NPROC, so outside of various > container-y namespaced setups, avoidance of > system-DoS-through-PID-exhaustion isn't a pressing problem. systemd has had a default pid cgroup controller policy (for both user and system slices) for a quite long time. I believe that the most recent version of most enterprise and community distributions support it by default (and probably even some older versions -- commit 49b786ea146f was merged in 2015 and I think systemd grew support for it in 2016). I agree with your overall point, but it should be noted that the vast majority of Linux systems these days have protections against this (by default) that use the pids cgroup controller. -- Aleksa Sarai Senior Software Engineer (Containers) SUSE Linux GmbH <https://www.cyphar.com/>
Attachment:
signature.asc
Description: PGP signature