On Tue, Jun 13, 2006 at 09:16:48PM +1000, Russell Kliese wrote: > I was just reading an article on kernel trap that raised some issues about > linux-vservers: http://kerneltrap.org/node/6492 . > > In particular, the following denial of service attack from within a > vserver seemed worrying because of it's simplicity. > > > run a program doing `mkdir("aaa"); chdir("aaa");' in a loop inside > > Linux-VServer VPS and see what happens. > > Is there work being done to prevent such DoS attacks? I have to admit > that I haven't tested this yet and it might just be FUD, but I thought > that I might as well ask.
dentry limits in devel prevent this specific DoS attack, but IMHO there will always be some way to 'hurt' a system which is based on resource sharing, so the best approach is to apply some policy there (e.g. three strikes and you're out) best, Herbert > Russell > > _______________________________________________ > Vserver mailing list > [email protected] > http://list.linux-vserver.org/mailman/listinfo/vserver _______________________________________________ Vserver mailing list [email protected] http://list.linux-vserver.org/mailman/listinfo/vserver
