From: erik quanstrom <quanstro@quanstro.net>
To: 9fans@9fans.net
Subject: Re: [9fans] protection against resource exhaustion
Date: Tue, 27 Jan 2015 19:38:46 -0800 [thread overview]
Message-ID: <1fccf1df5e46d5fa5235a40a90a001e3@brasstown.quanstro.net> (raw)
In-Reply-To: <C8AD9779-9F94-496A-A9D1-246A7A3453E4@ar.aichi-u.ac.jp>
On Tue Jan 27 16:06:49 PST 2015, arisawa@ar.aichi-u.ac.jp wrote:
> we don’t have perfect solution.
> nevertheless, we must protect system.
why does limiting forks "protect the system"? why must be "protect the system"?
and what does that phrase mean in this context?
> if we search ideal (or nearly ideal) solution, we should assign limited resource to each user.
> however this is a big job, I believe.
>
> current plan9 system is running under shared resource model.
> under this model, it is very hard to protect system from evil-minded users.
plan 9 has no hope against malicious users. they can fill up your disk, or
use all your memory, too. i believe the quote attributed to presotto is
"we don't have quotas. ken just yells at anyone who hogs the jukebox."
nonetheless, i have experience running multi-user plan 9 systems, and users
were not usually the issue.
> keeping this model, we can do something that is, of course, imperfect (but easy to implement, I believe).
> for example:
> (a) select processes that should keep running. (with resrcwait flag, for example)
> (b) kill processe that failed to be allocated resource if it doesn’t has resrcwait flag.
>
> this strategy has following problems:
> (1) innocent processes may be killed.
> the probability is small if the origin is careless program, but can be large by evil-mined program.
> (2) error return from malloc() and fork() are disabled.
i think you've turned a problem with bounded recovery time into a
situation where the recovery code itself will inadvertently dos attack its
users.
- erik
next prev parent reply other threads:[~2015-01-28 3:38 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-25 6:16 arisawa
2015-01-25 6:59 ` mischief
2015-01-25 17:41 ` erik quanstrom
2015-01-26 11:47 ` arisawa
2015-01-26 12:46 ` cinap_lenrek
2015-01-26 14:13 ` erik quanstrom
2015-01-27 0:33 ` arisawa
2015-01-27 1:30 ` Lyndon Nerenberg
2015-01-27 4:13 ` erik quanstrom
2015-01-27 4:22 ` erik quanstrom
2015-01-27 7:03 ` arisawa
2015-01-27 7:10 ` Ori Bernstein
2015-01-27 7:15 ` lucio
2015-01-27 14:05 ` erik quanstrom
2015-01-27 7:12 ` lucio
2015-01-27 14:10 ` erik quanstrom
2015-01-28 0:10 ` arisawa
2015-01-28 3:38 ` erik quanstrom [this message]
2015-01-28 6:50 ` arisawa
2015-01-28 7:22 ` lucio
2015-01-28 7:48 ` Quintile
2015-01-28 13:13 ` cinap_lenrek
2015-01-28 14:03 ` erik quanstrom
2015-01-28 14:09 ` lucio
2015-01-28 14:14 ` erik quanstrom
2015-01-28 14:53 ` lucio
2015-01-28 17:02 ` Skip Tavakkolian
2015-01-28 14:16 ` erik quanstrom
2015-01-28 17:28 ` Charles Forsyth
2015-01-28 17:39 ` cinap_lenrek
2015-01-28 18:51 ` Charles Forsyth
2015-01-29 3:57 ` arisawa
2015-01-29 6:34 ` erik quanstrom
2015-01-29 6:42 ` erik quanstrom
2015-01-29 8:11 ` arisawa
2015-01-27 10:53 ` Charles Forsyth
2015-01-27 14:01 ` erik quanstrom
2015-01-25 9:04 ` arisawa
2015-01-25 11:06 ` Bence Fábián
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1fccf1df5e46d5fa5235a40a90a001e3@brasstown.quanstro.net \
--to=quanstro@quanstro.net \
--cc=9fans@9fans.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).