From: Nick Piggin <nickpiggin@yahoo.com.au>
To: Al Boldi <a1426z@gawab.com>
Cc: Andrew Morton <akpm@osdl.org>,
linux-kernel@vger.kernel.org, "Theodore Ts'o" <tytso@mit.edu>
Subject: Re: [PATCH 1/1] threads_max: Simple lockout prevention patch
Date: Tue, 25 Apr 2006 17:23:17 +1000
Message-ID: <444DCE65.5050906@yahoo.com.au>
In-Reply-To: <200604241637.56637.a1426z@gawab.com>
Al Boldi wrote:
> Nick Piggin wrote:
>
>>Al Boldi wrote:
>>
>>>Could do that by:
>>>
>>> # echo 1 > /proc/sys/kernel/su-pid
>>>
>>>which would imply nr-threads = 1
>>>
>>>So maybe introduce /proc/sys/kernel/nr-threads to allow that to be
>>>variable, but this isn't really critical.
>>
>>Why not just have su-nr-threads?
>
>
> Unless I am misunderstanding you, even root/root-proc can be hit by a
> runaway, so the threads-max limits this globally which is great, but this
> may lock you out of being able to control the situation based on uid only.
>
> Thus this patch gives root the ability to allow a certain pid to exceed the
> threads-max limit, while all other pids are still limited.
But the point is that root is able to get their pids under control,
and can't be DoSed by unpriv users. Right?

Nothing is going to be perfect, I mean the su-pid pid could get "hit
by a runaway" and is arguably worse than nr-threads-su, because it has
no upper limit and could take down the whole system.
--
SUSE Labs, Novell Inc.