Date: Tue, 8 Apr 2014 13:02:06 +0200
From: Eduardo Morras <emorrasg@yahoo.es>
To: freebsd-hackers@freebsd.org
Subject: Re: pipe() resource exhaustion
Message-ID: <20140408130206.e75f3bf6c6df28b6e4839e70@yahoo.es>
In-Reply-To: <ab57e60fcc1c1438fcca500e3c594d35@mail.feld.me>
References: <lhu0jv$r6n$1@ger.gmane.org> <ab57e60fcc1c1438fcca500e3c594d35@mail.feld.me>

On Mon, 7 Apr 2014 07:25:22 -0500
Mark Felder <feld@freebsd.org> wrote:

> On 2014-04-07 06:02, Ivan Voras wrote:
> > Hello,
> >
> > Last time I mentioned this it didn't get any attention, so I'll try
> > again. By accident (via a buggy synergy server process) I found
> > that a simple userland process can exhaust kernel pipe memory
> > (kern.ipc.pipekva sysctl) which as a consequence has that new
> > processes which use pipe cannot be started, which includes "su",
> > by which an administrator could kill such a process.
> >
>
> That's a pretty painful local denial of service :(

Yes it is. Perhaps there should be 8% fd reserved for root, su and
setuid family syscalls like in filesystem space or postgresql reserved
connections for db admin.

---   ---
Eduardo Morras <emorrasg@yahoo.es>