-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 01/05/2011 04:38 PM, Gregory Maxwell wrote:
On Wed, Jan 5, 2011 at 4:13 PM, Adam Jackson ajax@redhat.com wrote:
But prevention of DoS on the part of local actors is just not a game you can win. If nothing else, remember that the way Linux implements malloc() assumes you have infinite memory, which means you overcommit resources, which means failure happens. You can write code that
[snip]
# echo 2 > /proc/sys/vm/overcommit_memory # echo 0 > /proc/sys/vm/overcommit_ratio
:)
(and good luck with that!)
BTW SELinux confined users and cgroups can help somewhat control those nasty students, but stopping a DOS will still be difficult.