[ Dejan Lozanovic @ 12.11.2001. 22:00 ] @
| Da li moze gde i kako da se regulise koliko svaki korisnik moze da ima istevrremeno aktivnih procesa i koliko moze da da maximalno alocira memorije pod linuxom i UNIXOM uopste.
Jedno malo parce koda bi moglo da ilustruje sjajan local DoS, i jos ako udarimo neki malloc, ode mast u propast sto bi neki rekli
#include <unistd.h>
#include <stdio.h>
void
main(void)
{
while(1)
{
fork();
printf("cao iz %d,pozvao me %d\n",getpid(),getppid());
}
} |
[ Jovan Marjanovic @ 13.11.2001. 11:01 ] @
evo ti jos bolji primer -
void main()
{
while(fork())
do fork();
}
[ Gojko Vujovic @ 13.11.2001. 12:03 ] @
Sa ulimit možeš da postaviš neke granice..
[ Dejan Lozanovic @ 13.11.2001. 13:19 ] @
Citat:
Gojko Vujovic je napisao:
Sa ulimit možeš da postaviš neke granice..
Eh divno a kako se to koristi :)))), u manu nema ama bas nista a isti text imam i pod info :)
[ Pauli @ 13.11.2001. 14:52 ] @
# login.conf - login class capabilities database.
# Remember to rebuild the database after each
# change to this file:
# cap_mkdb /etc/login.conf
# This file controls resource limits, accounting
# limits and default user environment settings.
# $FreeBSD: src/etc/login.conf,v 1.34.2.2
dakle, /etc/login.conf
[ Dusan Marjanovic @ 13.11.2001. 15:47 ] @
Koriste se i getrlimit i setrlimit, za citanje trenutnih hard i soft limita odnosno za postavljanje istih. soft limiti su pod-limiti hard limita, znaci mogu da idu do velicine koja je ogranicena hard limitom, pritom proces moze da menja svoje soft limite kako god zeli u granicama hard limita dok hard limite moze samo da smanjuje a nikako i povecava, to moze da radi samo root. Evo deo iz "Design and Implementation of the 4.4 BSD Operating System" koji govori o tome sta sve moze da se limitira
Resource Limits
The kernel alse supports limiting of certain per-process resources. These resources include
- The maximum amount of CPU time that can be accumulated
- The maximum bytes that a process can request be locked into memory
- The maximum size of a file that can be created by a process
- The maximum size of a process`s data segment
- The maximum size of a process`s stack segment
- The maximum size of a core file that can be created by a process
- The maximum number of simultaneous processes allowed to a user
- The maximum number of simultaneous open files for a process
- The maximum amount of physical memory that a process may use at any given moment
#include <sys/resource.h>
int getrlimit(int resource, struct rlimit *rlp);
int setrlimit(int resource, const struct rlimit *rlp);
oni limiti koji tebe zanimaju su
RLIMIT_VMEM - za ogranicenje kolicine alocirane memorije
btw uradi na svojoj linux masini
ulimit -a i dobices nesto kao
core file size (blocks) 1000000
data seg size (kbytes) unlimited
file size (blocks) unlimited
max locked memory (kbytes) unlimited
max memory size (kbytes) unlimited
open files 1024
pipe size (512 bytes) 8
stack size (kbytes) 8192
cpu time (seconds) unlimited
max user processes 764
virtual memory (kbytes) unlimited
sa ulimit komadnom mozes da namestas svaki od ovih limita posebno
[ Dejan Lozanovic @ 13.11.2001. 15:50 ] @
Citat:
blue je napisao:
evo ti jos bolji primer -
void main()
{
while(fork())
do fork();
}
pa primer i nije bas bolji cak losiji je :)))))) naime fork kod child procesa vraca rezultat 0 :))) a kod parenta je ta vrednost pID childa :)
[ DownBload @ 14.11.2001. 21:00 ] @
Na Debian 2.1 Linuxu, imas datoteku /etc/limits .
Tu mozes podesiti puno stvari za korisnika:
npr.
Max addr. space
Max core file size
max data size
max stack size
max number of processes
etc.etc.etc
BTW: Pogledaj 'man' stranice
Pretpostavljam da je slicna stvar i sa ostalim *nixima
[ DownBload @ 14.11.2001. 21:02 ] @
Samo da dodam...
#include <unistd.h>
#include <stdio.h>
void
main(void)
{
while(1)
{
fork();
printf("cao iz %d,pozvao me %d\n",getpid(),getppid());
}
}
To je dobra stvar, ali se meni ovo vise svidja
main(void)
{
while(1)
{
malloc (1000);
fork();
}
}
GREETZ
Copyright (C) 2001-2024 by www.elitesecurity.org. All rights reserved.