On Sunday 03 June 2007 19:01:21 Nix wrote: > On 1 Jun 2007, Jens Axboe told this: > > I think Anand is assuming that because syslog may coalesce identical > > messages into "repeated foo times" in the messages file, that it's not a > > dos. That is of course wrong. > > Not all syslog daemons do that, anyway. (syslog-ng doesn't, for one.)
That syslog-ng doesn't coalesce repeated messages into a single line doesn't make a difference. The printk_ratelimit stuff is supposed to make it very hard to DOS a system by flooding syslog, but that doesn't mean its impossible. The point of this discussion was that having a part of the kernel log a message about a fork-bomb was a very large whole that could be used to DOS a system by flooding the syslog. (In fact, IIRC, the printk_ratelimit (and somebody, please correct me if I'm wrong) stuff uses a ring buffer and seriously spamming syslog, like the patch that spawned this thread would have done, could cause you to lose potentially important messages) DRH - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
