[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Re: MS Internet Explorer 7 Denial Of Service Exploit
> On Konqueror 3.5.9, what happens is that this childish code builds a
> huge string, eats memory, causes swapping, and finally blows away
> Konq. Linux and X and everything else stay up and recover nicely.
> (Gentoo/AMD64X2/3G mem)
> This isn't an exploit -- at least not on Linux -- it's just kiddie
> stupidity. It doesn't take any particular cleverness to blow memory by
> dynamically creating bigger and bigger data structures. With virtual
> memory and 64-bit pointers, when exactly do we return -ENOMEM?
When RLIMIT_AS has been exceeded.
If you disable the use of mmap'd-malloc() via mallopt(M_MMAP_MAX, 0),
you can effectively limit malloc() via RLIMIT_DATA.
If you really want to allow a single process to use all available RAM
for itself, you can; but you don't have to.
It might be nice if the browser limited the amount of memory which
Glynn Clements <glynn@xxxxxxxxxxxxxxxxxx>