From: Mechiel Lukkien <mechiel@xs4all.nl>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] security questions
Date: Fri, 17 Apr 2009 13:04:49 +0200 [thread overview]
Message-ID: <20090417110449.GD8655@knaagkever.ueber.net> (raw)
In-Reply-To: <96d0e4dc833935103aec6f07dcb61cba@quintile.net>
On Fri, Apr 17, 2009 at 11:29:47AM +0100, Steve Simon wrote:
> I am interested in the idea of adding some kind of resource limits
> to plan9. If they existsed I would probably open it up to external
> users, however different things would worry me:
>
> CPU use
> Implement the Fair share scheduler
>
> User memory
> Working swap would do me to fix this, but sadly rlimits would probably
> be easier to implement.
>
> Network bandwidth
> Again a FSS type algorithm delaying or dropping packets could rate
> control the network well I think.
>
> Dialing remote ports
> I don't become a spam relay so some restriction must be in place,
> I guess this would require a minor modification to the IP stack.
>
> Fork bombs
> Erik's mod would help, but add a seccond threshold where after 15 secconds
> you kill the proc failed the most fork() calls - the danger here is a spam
> storm may cause listen(1) to be killed.
>
> Running out of kernel memory
> I don't perceive this as a problem, though this could be my lack of vision.
of all the resource capping on a public plan 9 server, i would say the
limits should be per user. not per-process (group) limits or similar.
i don't know how feasable that (accounting) is.
e.g. make sure a single user gets at most e.g. 50% of all available
resources (memory, procs, cpu time). seems fairest to me. leftover cpu
time can be given to active users. leftover memory should probably just
go unused (unless you want to start with swap, which lets you scale a
bit further but has limits too). if the per-user memory is too low,
just add more memory so it won't be. then at least multiple users can
use the system and a single one cannot lock it up.
dialing to the outside is perhaps easiest with an external firewall
(e.g. on adsl modem, they all have one nowadays). same for bandwidth
limiting. that won't fairly share the network bandwidth among the users
though of the cpu servers, but will leave your home connection usable.
then there is "none". anyone can become none, and services run as
none (at least initially). with per-user limits, anyone can hog none's
resources, leaving none left for network services (which other users
need to login). perhaps this is the reason per-user limits won't work?
or what would be the impact of disallowing becoming none for
non-hostowners? normal users might not need it?
mjl
next prev parent reply other threads:[~2009-04-17 11:04 UTC|newest]
Thread overview: 94+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-04-16 17:47 Devon H. O'Dell
2009-04-16 18:30 ` erik quanstrom
2009-04-16 19:14 ` Venkatesh Srinivas
2009-04-16 20:10 ` Devon H. O'Dell
2009-04-16 20:19 ` Devon H. O'Dell
2009-04-17 4:48 ` lucio
2009-04-17 5:03 ` Eris Discordia
2009-04-17 9:47 ` lucio
2009-04-17 10:24 ` Eris Discordia
2009-04-17 11:55 ` lucio
2009-04-17 13:08 ` Eris Discordia
2009-04-17 14:15 ` gdiaz
2009-04-17 16:39 ` lucio
[not found] ` <6FD675BC714D323BF959A53B@192.168.1.2>
2009-04-17 16:15 ` Robert Raschke
2009-04-17 20:12 ` John Barham
2009-04-17 21:40 ` blstuart
2009-04-17 16:32 ` [9fans] VMs, etc. (was: Re: security questions) blstuart
2009-04-17 17:11 ` tlaronde
2009-04-17 17:29 ` erik quanstrom
2009-04-17 18:18 ` tlaronde
2009-04-17 19:00 ` erik quanstrom
2009-04-17 18:50 ` blstuart
2009-04-17 18:31 ` blstuart
2009-04-17 18:45 ` erik quanstrom
2009-04-17 18:59 ` blstuart
2009-04-17 19:05 ` erik quanstrom
2009-04-17 20:21 ` blstuart
2009-04-18 14:54 ` erik quanstrom
2009-04-18 16:06 ` Mechiel Lukkien
2009-04-19 20:52 ` blstuart
2009-04-20 17:30 ` [9fans] VMs, etc maht
2009-04-20 17:44 ` erik quanstrom
2009-04-20 17:47 ` Devon H. O'Dell
2009-04-20 17:49 ` maht
2009-04-17 19:39 ` [9fans] VMs, etc. (was: Re: security questions) tlaronde
2009-04-17 21:25 ` blstuart
2009-04-17 21:59 ` tlaronde
2009-04-17 23:41 ` Mechiel Lukkien
2009-04-17 18:59 ` Eris Discordia
2009-04-17 21:38 ` blstuart
[not found] ` <1322FA0842063D3D53C712DC@192.168.1.2>
2009-04-17 20:07 ` J.R. Mauro
2009-04-17 19:02 ` lucio
2009-04-17 21:01 ` blstuart
2009-04-18 5:25 ` lucio
2009-04-19 20:19 ` blstuart
2009-04-17 19:16 ` [9fans] Plan9 - the next 20 years Steve Simon
2009-04-17 19:39 ` J.R. Mauro
2009-04-17 19:43 ` tlaronde
2009-04-17 19:56 ` J.R. Mauro
2009-04-17 20:14 ` Eric Van Hensbergen
2009-04-17 20:18 ` Benjamin Huntsman
2009-04-18 4:26 ` erik quanstrom
2009-04-17 20:29 ` J.R. Mauro
2009-04-18 3:56 ` erik quanstrom
2009-04-18 4:12 ` J.R. Mauro
2009-04-18 4:16 ` erik quanstrom
2009-04-18 5:51 ` J.R. Mauro
2009-04-18 12:52 ` Steve Simon
2009-04-17 20:20 ` John Barham
2009-04-16 20:51 ` [9fans] security questions erik quanstrom
2009-04-16 21:49 ` Devon H. O'Dell
2009-04-16 22:19 ` erik quanstrom
2009-04-16 23:36 ` Devon H. O'Dell
2009-04-17 0:00 ` erik quanstrom
2009-04-17 1:25 ` Devon H. O'Dell
2009-04-17 1:54 ` erik quanstrom
2009-04-17 2:17 ` Devon H. O'Dell
2009-04-17 2:23 ` erik quanstrom
2009-04-17 2:33 ` Devon H. O'Dell
2009-04-17 2:43 ` J.R. Mauro
2009-04-17 5:48 ` john
2009-04-17 5:52 ` Bruce Ellis
2009-04-17 5:52 ` andrey mirtchovski
2009-04-17 5:57 ` Bruce Ellis
2009-04-17 9:26 ` Charles Forsyth
2009-04-17 10:29 ` Steve Simon
2009-04-17 11:04 ` Mechiel Lukkien [this message]
2009-04-17 11:36 ` lucio
2009-04-17 11:40 ` lucio
2009-04-17 11:51 ` erik quanstrom
2009-04-17 12:06 ` erik quanstrom
2009-04-17 13:52 ` Steve Simon
2009-04-17 1:59 ` Russ Cox
2009-04-17 12:07 ` maht
2009-04-17 2:07 ` Bakul Shah
2009-04-17 2:19 ` Devon H. O'Dell
2009-04-17 6:33 ` Bakul Shah
2009-04-17 9:51 ` lucio
2009-04-17 11:34 ` erik quanstrom
2009-04-17 12:14 ` Devon H. O'Dell
2009-04-17 18:29 ` Bakul Shah
2009-04-17 11:59 ` Devon H. O'Dell
2009-04-17 5:06 ` Eris Discordia
2009-04-17 8:36 ` Richard Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090417110449.GD8655@knaagkever.ueber.net \
--to=mechiel@xs4all.nl \
--cc=9fans@9fans.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).