Hello!
I won't reply to the overcommit part of your letter, since my concern
is rather local: I'm just not sure whether FreeBSD does its best
during the DoS attack in a swapless environment.
On Mon, 13 Mar 2006, Jon Dama wrote:
> Also, when the system is page-starved it kills the largest consumer of
> pages that has the same UID as the process that pushed the system over the
> limit---not merely the largest consumer of pages. So you see, running
> critical services that carefully pre-allocate and fault their memory is
> possible within the overcommit framework.
I fail to see any UID check in this code (/sys/vm/vm_pageout.c from
RELENG_4_11, the last part of vm_pageout_scan()):
    /*
     * If we are out of swap and were not able to reach our paging
     * target, kill the largest process.
     */
    if ((vm_swap_size < 64 && vm_page_count_min()) ||
        (swap_pager_full && vm_paging_target() > 0)) {
#if 0
    if ((vm_swap_size < 64 || swap_pager_full) && vm_page_count_min()) {
#endif
        bigproc = NULL;
        bigsize = 0;
        for (p = allproc.lh_first; p != 0; p = p->p_list.le_next) {
            /*
             * if this is a system process, skip it
             */
            if ((p->p_flag & P_SYSTEM) || (p->p_pid == 1) ||
                ((p->p_pid < 48) && (vm_swap_size != 0))) {
                continue;
            }
            /*
             * if the process is in a non-running type state,
             * don't touch it.
             */
            if (p->p_stat != SRUN && p->p_stat != SSLEEP) {
                continue;
            }
            /*
             * get the process size
             */
            size = vmspace_resident_count(p->p_vmspace) +
                vmspace_swap_count(p->p_vmspace);
            /*
             * if the this process is bigger than the biggest one
             * remember it.
             */
            if (size > bigsize) {
                bigproc = p;
                bigsize = size;
            }
        }
        if (bigproc != NULL) {
            killproc(bigproc, "out of swap space");
            bigproc->p_estcpu = 0;
            bigproc->p_nice = PRIO_MIN;
            resetpriority(bigproc);
            wakeup(&cnt.v_free_count);
        }
    }
Nor do I see a UID check in the fresh CURRENT.
Also, even if a UID check were here, it wouldn't buy much for us, since
during the DoS attack the target is the main listener (say, sshd or sendmail),
and it always runs as root because otherwise it couldn't listen on a port <
1024.
Sincerely, Dmitry
--
Atlantis ISP, System Administrator
e-mail: [EMAIL PROTECTED]
nic-hdl: LYNX-RIPE
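
Added example, not part of the original message or of the FreeBSD source: a user-space sketch of the victim selection in the quoted loop, run over a constructed process table, with an optional same-UID filter (hypothetical, modelled on the policy described in the quoted reply) for comparison. The names struct sim_proc, pick_victim and sample, and all table values, are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>
/* Constructed stand-in for the fields the quoted loop reads (not struct proc). */
struct sim_proc {
    const char *name;
    int pid;
    long uid;
    int is_system;   /* stands in for p_flag & P_SYSTEM */
    int runnable;    /* stands in for p_stat == SRUN || p_stat == SSLEEP */
    long pages;      /* resident + swap page count */
};

/* Same skip rules as the quoted loop. want_uid < 0 applies no UID filter (the
 * quoted behaviour); want_uid >= 0 is the hypothetical same-UID policy. */
static const struct sim_proc *
pick_victim(const struct sim_proc *tab, size_t n, long swap_size, long want_uid)
{
    const struct sim_proc *big = NULL;
    long bigsize = 0;
    for (size_t i = 0; i < n; i++) {
        const struct sim_proc *p = &tab[i];
        if (p->is_system || p->pid == 1 || (p->pid < 48 && swap_size != 0))
            continue;
        if (!p->runnable)
            continue;
        if (want_uid >= 0 && p->uid != want_uid)
            continue;
        if (p->pages > bigsize) {
            big = p;
            bigsize = p->pages;
        }
    }
    return big;
}
/* Constructed process table for a swapless host (swap_size == 0). */
static const struct sim_proc sample[] = {
    { "init",       1,   0,    0, 1,  100 },
    { "pagedaemon", 2,   0,    1, 1,    0 },
    { "sshd",       310, 0,    0, 1, 9000 },
    { "httpd",      517, 80,   0, 1, 6000 },
    { "user-job",   733, 1001, 0, 1, 2500 },
};
#define NSAMPLE (sizeof(sample) / sizeof(sample[0]))

int main(void)
{
    printf("no UID filter: %s\n", pick_victim(sample, NSAMPLE, 0, -1)->name);
    printf("trigger runs as root: %s\n", pick_victim(sample, NSAMPLE, 0, 0)->name);
    printf("trigger runs as 1001: %s\n", pick_victim(sample, NSAMPLE, 0, 1001)->name);
    return 0;
}
```

With this table the largest root-owned process is selected both without a filter and with the filter set to UID 0; only a non-root trigger UID changes the outcome.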