[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Pkg-samba-maint] Default size limits for /run (/var/run) and /run/lock (/var/lock)

On Tue, Apr 12, 2011 at 08:22:00PM +0000, Philipp Kern wrote:
> On 2011-04-12, Roger Leigh <rleigh@codelibre.net> wrote:
> > Having multiple tmpfses with the kernel defaults means that a user or
> > badly written program could intentionally or accidentally lock up the
> > machine by using all available memory by filling up one or more of the
> > tmpfses.  And the majority /are/ user writable by default, even /run
> > (via /var/lock, which is not a separate mount by default--maybe it
> > should be?).  /dev/shm is user writable, /tmp is user writable.
> How is that different from lock-ups due to fork bombs?  If the admin
> cares, he can still fence his users.  (Like DSA do on their machines
> by setting a sane tmpfs size limit.)

It's something which is entirely preventable, and while it's possible
for sysadmins to set the limits to something sane, I would really
like to have something sane by default when this is possible.  And
for some of the filesystems in question, this is totally safe to do.
Others like /var/run do vary somewhat more, but it should still be
possible to do better than existing practice.


  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.

Attachment: signature.asc
Description: Digital signature

Reply to: