From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <96d0e4dc833935103aec6f07dcb61cba@quintile.net> From: "Steve Simon" Date: Fri, 17 Apr 2009 11:29:47 +0100 To: 9fans@9fans.net In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: Quoted-Printable Subject: Re: [9fans] security questions Topicbox-Message-UUID: dffef210-ead4-11e9-9d60-3106f5b1d025 I am interested in the idea of adding some kind of resource limits to plan9. If they existsed I would probably open it up to external users, however different things would worry me: CPU use Implement the Fair share scheduler User memory Working swap would do me to fix this, but sadly rlimits would probably be easier to implement.=20 Network bandwidth Again a FSS type algorithm delaying or dropping packets could rate control the network well I think. Dialing remote ports I don't become a spam relay so some restriction must be in place, I guess this would require a minor modification to the IP stack. Fork bombs Erik's mod would help, but add a seccond threshold where after 15 seccond= s you kill the proc failed the most fork() calls - the danger here is a spa= m storm may cause listen(1) to be killed. Running out of kernel memory I don't perceive this as a problem, though this could be my lack of visio= n. My 2=C2=A2 worth. -Steve