Hi all, I was follwoing the thread and if possible I would like someone to elaborate on a few more points.
Which is the version of the utils in developemnt that can resolve that matter if dentry limits is applied? When was this fix applied? How does the dentry limit work and how is it configured on the host side? As herbert said "(e.g. three strikes and you're out)" how to configure that for example? Thanks and regards, -Nikolay Kichukov On Wed, 2006-06-14 at 01:10 +0200, Herbert Poetzl wrote: > On Tue, Jun 13, 2006 at 09:16:48PM +1000, Russell Kliese wrote: > > I was just reading an article on kernel trap that raised some issues about > > linux-vservers: http://kerneltrap.org/node/6492 . > > > > In particular, the following denial of service attack from within a > > vserver seemed worrying because of it's simplicity. > > > > > run a program doing `mkdir("aaa"); chdir("aaa");' in a loop inside > > > Linux-VServer VPS and see what happens. > > > > Is there work being done to prevent such DoS attacks? I have to admit > > that I haven't tested this yet and it might just be FUD, but I thought > > that I might as well ask. > > dentry limits in devel prevent this specific DoS > attack, but IMHO there will always be some way to > 'hurt' a system which is based on resource sharing, > so the best approach is to apply some policy there > (e.g. three strikes and you're out) > > best, > Herbert > > > Russell > > > > _______________________________________________ > > Vserver mailing list > > [email protected] > > http://list.linux-vserver.org/mailman/listinfo/vserver > _______________________________________________ > Vserver mailing list > [email protected] > http://list.linux-vserver.org/mailman/listinfo/vserver -- Когато сме щастливи, сме добри. Но когато сме добри, не винаги сме щастливи... -Оскар Уайлд _______________________________________________ Vserver mailing list [email protected] http://list.linux-vserver.org/mailman/listinfo/vserver
