* Kamil Paral:

> From a technical point of view I'm not able to judge whether raising
> the fileno limits by default is a trivial change or something with
> important security implications.

It has implications for reliability (and perhaps security).  File
descriptors can refer to sockets, and each socket can have a fairly
large amount of unswappable kernel memory associated with it.  This
memory is not tracked along with the process that created the sockets or
has them opened, so the OOM killer does not take it into account when
selecting processes to terminate.

The attached script, when run with “python3 many-sockets.py 50000” as a
regular user, after raising the limit, tricks the OOM killer into
terminating processes.  Important processes such as systemd-journal fail
because the OOM killer cannot recover any memory.  It even terminates
processes which are already fully swapped out.

I think a reasonable file descriptor limit is an important safety net.

Thanks,
Florian

# many-sockets.py (attachment)
import socket
import sys

# Number of socket pairs to create, taken from the command line.
count, = sys.argv[1:]
count = int(count)

blob = b"X" * 100
socket_list = [] # Keep all sockets open.
for n in range(count):
    sockets = socket.socketpair(
        socket.AF_UNIX, socket.SOCK_STREAM | socket.SOCK_NONBLOCK, 0)
    for sock in sockets:
        # Send until the non-blocking socket reports its buffer is full.
        while True:
            try:
                sock.send(blob)
            except BlockingIOError:
                break
        socket_list.append(sock)
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org