On Tue, Apr 12, 2011 at 08:22:00PM +0000, Philipp Kern wrote:
> On 2011-04-12, Roger Leigh <rleigh@codelibre.net> wrote:
> > Having multiple tmpfses with the kernel defaults means that a user or
> > badly written program could intentionally or accidentally lock up the
> > machine by using all available memory by filling up one or more of the
> > tmpfses. And the majority /are/ user writable by default, even /run
> > (via /var/lock, which is not a separate mount by default--maybe it
> > should be?). /dev/shm is user writable, /tmp is user writable.
>
> How is that different from lock-ups due to fork bombs? If the admin
> cares, he can still fence his users. (Like DSA do on their machines
> by setting a sane tmpfs size limit.)

It's something which is entirely preventable, and while it's possible
for sysadmins to set the limits to something sane, I would really like
to have something sane by default when this is possible. And for some
of the filesystems in question, this is totally safe to do. Others
like /var/run do vary somewhat more, but it should still be possible
to do better than existing practice.

Regards,
Roger

--
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.
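An added example, not part of the original message: a small audit that reads mount entries in /proc/mounts format, reports which tmpfs mounts have no explicit size= limit, and compares the combined capacity with physical RAM. It assumes that a tmpfs listed without size= uses the kernel default of half of physical RAM; the sample mount table, the 4 GiB figure and all function names are constructed for illustration.

```python
# Constructed sample in /proc/mounts format; not taken from a real host.
SAMPLE_MOUNTS = """\
tmpfs /run tmpfs rw,nosuid,noexec,relatime,size=204800k,mode=755 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
tmpfs /run/lock tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k 0 0
/dev/sda1 / ext4 rw,relatime 0 0
"""

UNITS = {"k": 1024, "m": 1024**2, "g": 1024**3}

def parse_size(value, ram_bytes):
    """Convert a tmpfs size= value (bytes, k/m/g suffix, or N%) to bytes."""
    value = value.lower()
    if value.endswith("%"):
        return ram_bytes * int(value[:-1]) // 100
    if value[-1] in UNITS:
        return int(value[:-1]) * UNITS[value[-1]]
    return int(value)

def audit_tmpfs(mounts_text, ram_bytes):
    """Return (rows, total_bytes); each row is (mountpoint, limit_bytes, explicit)."""
    rows = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "tmpfs":
            continue
        opts = dict(o.partition("=")[::2] for o in fields[3].split(","))
        size = opts.get("size")
        if not size:                  # assumed kernel default: half of RAM
            limit, explicit = ram_bytes // 2, False
        else:
            limit = parse_size(size, ram_bytes)
            explicit = limit > 0      # size=0 means "no limit" to tmpfs
            limit = limit or ram_bytes
        rows.append((fields[1], limit, explicit))
    return rows, sum(r[1] for r in rows)

def unlimited_mounts(mounts_text, ram_bytes):
    """Mount points relying on the kernel default rather than an explicit limit."""
    return [mp for mp, _, explicit in audit_tmpfs(mounts_text, ram_bytes)[0] if not explicit]

if __name__ == "__main__":
    ram = 4 * 1024**3  # assumed 4 GiB host
    rows, total = audit_tmpfs(SAMPLE_MOUNTS, ram)
    for mp, limit, explicit in rows:
        print(f"{mp:10} {limit >> 20:6} MiB  {'explicit' if explicit else 'kernel default'}")
    print(f"total tmpfs capacity: {total >> 20} MiB of {ram >> 20} MiB RAM")
```

On the sample, the two mounts without size= together can already hold as much as the whole of RAM, which is the situation the message describes.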