On 10/8/18 2026 UTC, Zebediah Figura wrote:
On 08/10/18 2000 UTC, John Reiser wrote:
Allowing 1M open files per unprivileged process is too many.
Megabytes of RAM are precious. A hard limit of 1M open files per process
allows each process to eat at least 256MB (1M * sizeof(struct file)
[linux/fs.h]) of RAM. If a single user is allowed 1000 processes,
then that's 256GB of RAM, which is a Denial-of-Service attack.
Yes, 4096 open files is not enough. Raise it to 65536.
Correct me if I'm wrong, but wouldn't this be capped by the system-wide
limit (i.e. it would hit ENFILE) before presenting a problem?
That means that a different DoS can happen even sooner,
at (ENFILE / 1M) processes. No other process could open() a file.
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
