Bug#341767: simple script causes sshd to run out of memory and die

[Florian Weimer <fw@deneb.enyo.de>]

* Matthew Vernon:

>  > Dec  1 21:37:40 mpiblaster kernel: HighMem: empty
>  > Dec  1 21:37:40 mpiblaster kernel: Swap cache: add 0, delete 0, find 0/0, race 0+0
>  > Dec  1 21:37:40 mpiblaster kernel: Out of Memory: Killed process 19833 (sshd).
>  > 
>  > While infinite recursion is certainly a error in the script, it should
>  > not cause sshd to die. Because it kills sshd, a malicious user can
>  > prevent anyone from logging in via ssh until the daemon is restarted.
>  
> What is happening here is that you are running your entire system out
> of memory, and the kernel is then killing a process (as it will do if
> it runs out of system memory).
>
> This is the expected behaviour of the system.

Yes, but "expected" in the sense of "we know that this is a problem".

If you run a recent kernel and put "vm.overcommit_memory = 2" into
/etc/sysctl.conf (and rebot or run "sysctl vm.overcommit_memory=2"),
the kernel should terminate the process which is the real culprit, and
not kill some innocent bystander.

(By the way, it might make sense to change the OOM priority for sshd.)