OK, I've debugged a bit into the lucid upstart scripts:
First, I can confirm the regression.
The oom_adj patch is still in place, which is the good news. The bad
news is that the problem is now caused by the upstart script
/etc/init/ssh.conf
Apparently the author didn't understand how the oom_a
I think the debian patch had been applied in releases after Hardy. But
the daemon only resets the oom_adj value that it was originally called
with. So in Jaunty a DHCP restart script which had the oom_adj value of
-17 itself caused the same effect. See bug report #390556.
I have not checked lucid
I have done some more investigations on the issue. I found that the
original debian patch still exists in sshd.
The problem is caused by the DHCP initialization of my network interface
during startup. The DHCP request is processed in the background while
the OpenSSH initialization script (and othe
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: openssh-server
All child processes of openssh-server inherit the oom_adj value of -17
which makes them unkillable in low memory situations. Any user logged into
the machine via ssh can cause a kernel-pa
** This bug has been flagged as a security issue
--
hardy: openssh-server oom_adj can lead to denial of service
https://bugs.launchpad.net/bugs/293000
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.
** Bug watch added: Debian Bug tracker #480020
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480020
** Also affects: debian via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480020
Importance: Unknown
Status: Unknown
As a work-around I would suggest setting SSHD_OOM_ADJUST to 0 in
/etc/default/ssh. This allows the killing of ssh and child processes by
the OOM killer again.
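An added example, not part of the original thread: a check an administrator could run after applying the work-around, listing processes below sshd that still carry the inherited oom_adj of -17. The function names and the sample process table are constructed for illustration; the live reader assumes a Linux /proc that exposes oom_adj.

```python
import os

OOM_DISABLE = -17  # oom_adj value the thread describes: exempt from the OOM killer

# Constructed sample: pid -> (ppid, comm, oom_adj)
SAMPLE = {
    1:    (0,    "init",   0),
    800:  (1,    "sshd",   -17),  # listener, protected on purpose
    1200: (800,  "sshd",   -17),  # per-session sshd
    1201: (1200, "bash",   -17),  # user shell that inherited the setting
    1300: (1201, "python", -17),  # anything the user starts inherits it too
    950:  (1,    "udevd",  -17),  # exempt, but not below sshd
    1400: (800,  "sshd",   0),
    1401: (1400, "bash",   0),    # session that can be OOM-killed again
}

def read_proc(proc="/proc"):
    """Snapshot {pid: (ppid, comm, oom_adj)} from a Linux /proc tree."""
    table = {}
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc, entry, "stat")) as f:
                stat = f.read()
            with open(os.path.join(proc, entry, "oom_adj")) as f:
                adj = int(f.read())
        except (OSError, ValueError):
            continue  # process exited, or no readable oom_adj file
        # comm is parenthesised and may contain spaces; ppid follows the state
        end = stat.rindex(")")
        comm = stat[stat.index("(") + 1:end]
        table[int(entry)] = (int(stat[end + 1:].split()[1]), comm, adj)
    return table

def inherited_oom_exempt(table, daemon="sshd"):
    """PIDs that are OOM-exempt, are not `daemon`, and have `daemon` as ancestor."""
    hits = []
    for pid, (ppid, comm, adj) in table.items():
        seen = set()  # guards against a malformed parent chain that loops
        while adj == OOM_DISABLE and comm != daemon and ppid in table and ppid not in seen:
            seen.add(ppid)
            if table[ppid][1] == daemon:
                hits.append(pid)
                break
            ppid = table[ppid][0]
    return sorted(hits)

if __name__ == "__main__":
    print(inherited_oom_exempt(SAMPLE))       # constructed data
    print(inherited_oom_exempt(read_proc()))  # live system
```

An empty list from the live call means no process below sshd is still exempt from the OOM killer.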
Public bug reported:
Binary package hint: openssh-server
The ssh init script sets the /proc/$PID/oom_adj value to -17 to avoid
being killed by the OOM killer in low memory situations. Unfortunately
all child processes of sshd inherit this setting.
So any user with ssh access can easily launch a