Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S266220AbTIKH3N (ORCPT ); Thu, 11 Sep 2003 03:29:13 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S266223AbTIKH3N (ORCPT ); Thu, 11 Sep 2003 03:29:13 -0400 Received: from parcelfarce.linux.theplanet.co.uk ([195.92.249.252]:15763 "EHLO www.linux.org.uk") by vger.kernel.org with ESMTP id S266220AbTIKH3L (ORCPT ); Thu, 11 Sep 2003 03:29:11 -0400 Date: Thu, 11 Sep 2003 08:29:09 +0100 From: viro@parcelfarce.linux.theplanet.co.uk To: Keith Owens Cc: linux-kernel@vger.kernel.org Subject: Re: Local DoS on single_open? Message-ID: <20030911072909.GT454@parcelfarce.linux.theplanet.co.uk> References: <3F5FFF3D.9040707@cyberone.com.au> <5196.1063263888@kao2.melbourne.sgi.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5196.1063263888@kao2.melbourne.sgi.com> User-Agent: Mutt/1.4.1i Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 899 Lines: 23 On Thu, Sep 11, 2003 at 05:04:48PM +1000, Keith Owens wrote: > On Thu, 11 Sep 2003 14:51:09 +1000, > Nick Piggin wrote: > >Keith Owens wrote: > > > >>single_open() requires the kernel to kmalloc a buffer which lives until > >>the userspace caller closes the file. What prevents a malicious user > >>opening the same /proc entry multiple times, allocating lots of kmalloc > >>space and causing a local DoS? > >> > >> > > > >ulimit? > > ulimit has no effect on kmalloc usage. You do realize that struct file is also kmalloc'ed? So are dentries and inodes, for that matter. It's the same situation as with pipes and sockets. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/