Critical Vulnerabilities in Samba
Posted May 17, 2007 10:00 UTC (Thu) by tialaramex
In reply to: Critical Vulnerabilities in Samba
Parent article: Critical Vulnerabilities in Samba
Some very conservatively written pieces of software do handle failed memory allocation. It's easier (possible) to do this if for your software 'nothing happens' is considered to be an acceptable consequence of such a dire problem. e.g. as far as I know the 'init' process will simply fail to launch a new process, wait a while and try again later. Several other daemons have been written so that their behaviour degrades gracefully if allocations start failing after they reach their idle state.
For user interactive application software you're right that it's normally doom, if you can't get memory to draw a picture, you may not be able to get enough memory to pop up a dialog which says "Out of memory" either.
In any case it's not acceptable for a serious security problem to occur as a result of lack of available memory. At worst this should cause a temporary denial of service.
to post comments)