LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

A survey of recent kernel vulnerabilities

A survey of recent kernel vulnerabilities

Posted Oct 20, 2005 20:58 UTC (Thu) by hmh (subscriber, #3838)
In reply to: A survey of recent kernel vulnerabilities by jschrod
Parent article: A survey of recent kernel vulnerabilities

I wonder if a suitably well configured linux box has this problem. We *should* be able to have the system console itself be on the highest priority chains, and locked into memory.

Anyway, ulimit is your friend, use it. If your box is not supposed to reach loads like 1000 or so, then configure it accordingly to kill any task that attempts to do so.

(Log in to post comments)

A survey of recent kernel vulnerabilities

Posted Oct 20, 2005 23:56 UTC (Thu) by jschrod (subscriber, #1646) [Link]

Oh, my system is supposed to handle loads in the 1000s. (After all, these processes don't do something interactively and can be handled one after the other.) It shall also handle large memory allocations (over-commitment) gracefully. I can realize that on Solaris servers, why should I drop that requirement for my Linux boxes?

Anyhow, my main point was that the security of Linux kernels is painted more black in the article than it actually is. All those local-user DoS exploits are not a risk addition that is high or relevant in practice. We can and will live with it as we do right now with `normal' ability to spawn too many processes that use too much memory.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds