Oh, my system is supposed to handle loads in the 1000s. (After all, these processes don't do something interactively and can be handled one after the other.) It shall also handle large memory allocations (over-commitment) gracefully. I can realize that on Solaris servers, why should I drop that requirement for my Linux boxes?
Anyhow, my main point was that the security of Linux kernels is painted more black in the article than it actually is. All those local-user DoS exploits are not a risk addition that is high or relevant in practice. We can and will live with it as we do right now with `normal' ability to spawn too many processes that use too much memory.
Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds