On Wed, Jan 5, 2011 at 4:13 PM, Adam Jackson ajax@redhat.com wrote:
But prevention of DoS on the part of local actors is just not a game you can win. If nothing else, remember that the way Linux implements malloc() assumes you have infinite memory, which means you overcommit resources, which means failure happens. You can write code that
[snip]
# echo 2 > /proc/sys/vm/overcommit_memory # echo 0 > /proc/sys/vm/overcommit_ratio
:)
(and good luck with that!)