From: "Steve Simon" <steve@quintile.net>
To: 9fans@9fans.net
Subject: Re: [9fans] security questions
Date: Fri, 17 Apr 2009 11:29:47 +0100 [thread overview]
Message-ID: <96d0e4dc833935103aec6f07dcb61cba@quintile.net> (raw)
In-Reply-To: <c79bf8fd88b26d8f6344869098ae7239@terzarima.net>
I am interested in the idea of adding some kind of resource limits
to plan9. If they existsed I would probably open it up to external
users, however different things would worry me:
CPU use
Implement the Fair share scheduler
User memory
Working swap would do me to fix this, but sadly rlimits would probably
be easier to implement.
Network bandwidth
Again a FSS type algorithm delaying or dropping packets could rate
control the network well I think.
Dialing remote ports
I don't become a spam relay so some restriction must be in place,
I guess this would require a minor modification to the IP stack.
Fork bombs
Erik's mod would help, but add a seccond threshold where after 15 secconds
you kill the proc failed the most fork() calls - the danger here is a spam
storm may cause listen(1) to be killed.
Running out of kernel memory
I don't perceive this as a problem, though this could be my lack of vision.
My 2¢ worth.
-Steve
next prev parent reply other threads:[~2009-04-17 10:29 UTC|newest]
Thread overview: 94+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-04-16 17:47 Devon H. O'Dell
2009-04-16 18:30 ` erik quanstrom
2009-04-16 19:14 ` Venkatesh Srinivas
2009-04-16 20:10 ` Devon H. O'Dell
2009-04-16 20:19 ` Devon H. O'Dell
2009-04-17 4:48 ` lucio
2009-04-17 5:03 ` Eris Discordia
2009-04-17 9:47 ` lucio
2009-04-17 10:24 ` Eris Discordia
2009-04-17 11:55 ` lucio
2009-04-17 13:08 ` Eris Discordia
2009-04-17 14:15 ` gdiaz
2009-04-17 16:39 ` lucio
[not found] ` <6FD675BC714D323BF959A53B@192.168.1.2>
2009-04-17 16:15 ` Robert Raschke
2009-04-17 20:12 ` John Barham
2009-04-17 21:40 ` blstuart
2009-04-17 16:32 ` [9fans] VMs, etc. (was: Re: security questions) blstuart
2009-04-17 17:11 ` tlaronde
2009-04-17 17:29 ` erik quanstrom
2009-04-17 18:18 ` tlaronde
2009-04-17 19:00 ` erik quanstrom
2009-04-17 18:50 ` blstuart
2009-04-17 18:31 ` blstuart
2009-04-17 18:45 ` erik quanstrom
2009-04-17 18:59 ` blstuart
2009-04-17 19:05 ` erik quanstrom
2009-04-17 20:21 ` blstuart
2009-04-18 14:54 ` erik quanstrom
2009-04-18 16:06 ` Mechiel Lukkien
2009-04-19 20:52 ` blstuart
2009-04-20 17:30 ` [9fans] VMs, etc maht
2009-04-20 17:44 ` erik quanstrom
2009-04-20 17:47 ` Devon H. O'Dell
2009-04-20 17:49 ` maht
2009-04-17 19:39 ` [9fans] VMs, etc. (was: Re: security questions) tlaronde
2009-04-17 21:25 ` blstuart
2009-04-17 21:59 ` tlaronde
2009-04-17 23:41 ` Mechiel Lukkien
2009-04-17 18:59 ` Eris Discordia
2009-04-17 21:38 ` blstuart
[not found] ` <1322FA0842063D3D53C712DC@192.168.1.2>
2009-04-17 20:07 ` J.R. Mauro
2009-04-17 19:02 ` lucio
2009-04-17 21:01 ` blstuart
2009-04-18 5:25 ` lucio
2009-04-19 20:19 ` blstuart
2009-04-17 19:16 ` [9fans] Plan9 - the next 20 years Steve Simon
2009-04-17 19:39 ` J.R. Mauro
2009-04-17 19:43 ` tlaronde
2009-04-17 19:56 ` J.R. Mauro
2009-04-17 20:14 ` Eric Van Hensbergen
2009-04-17 20:18 ` Benjamin Huntsman
2009-04-18 4:26 ` erik quanstrom
2009-04-17 20:29 ` J.R. Mauro
2009-04-18 3:56 ` erik quanstrom
2009-04-18 4:12 ` J.R. Mauro
2009-04-18 4:16 ` erik quanstrom
2009-04-18 5:51 ` J.R. Mauro
2009-04-18 12:52 ` Steve Simon
2009-04-17 20:20 ` John Barham
2009-04-16 20:51 ` [9fans] security questions erik quanstrom
2009-04-16 21:49 ` Devon H. O'Dell
2009-04-16 22:19 ` erik quanstrom
2009-04-16 23:36 ` Devon H. O'Dell
2009-04-17 0:00 ` erik quanstrom
2009-04-17 1:25 ` Devon H. O'Dell
2009-04-17 1:54 ` erik quanstrom
2009-04-17 2:17 ` Devon H. O'Dell
2009-04-17 2:23 ` erik quanstrom
2009-04-17 2:33 ` Devon H. O'Dell
2009-04-17 2:43 ` J.R. Mauro
2009-04-17 5:48 ` john
2009-04-17 5:52 ` Bruce Ellis
2009-04-17 5:52 ` andrey mirtchovski
2009-04-17 5:57 ` Bruce Ellis
2009-04-17 9:26 ` Charles Forsyth
2009-04-17 10:29 ` Steve Simon [this message]
2009-04-17 11:04 ` Mechiel Lukkien
2009-04-17 11:36 ` lucio
2009-04-17 11:40 ` lucio
2009-04-17 11:51 ` erik quanstrom
2009-04-17 12:06 ` erik quanstrom
2009-04-17 13:52 ` Steve Simon
2009-04-17 1:59 ` Russ Cox
2009-04-17 12:07 ` maht
2009-04-17 2:07 ` Bakul Shah
2009-04-17 2:19 ` Devon H. O'Dell
2009-04-17 6:33 ` Bakul Shah
2009-04-17 9:51 ` lucio
2009-04-17 11:34 ` erik quanstrom
2009-04-17 12:14 ` Devon H. O'Dell
2009-04-17 18:29 ` Bakul Shah
2009-04-17 11:59 ` Devon H. O'Dell
2009-04-17 5:06 ` Eris Discordia
2009-04-17 8:36 ` Richard Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=96d0e4dc833935103aec6f07dcb61cba@quintile.net \
--to=steve@quintile.net \
--cc=9fans@9fans.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).