From kde-core-devel  Wed Aug 09 20:16:57 2006
From: Peter Rockai <me () mornfall ! net>
Date: Wed, 09 Aug 2006 20:16:57 +0000
To: kde-core-devel
Subject: Re: OOM-killer prevention for master kdeinit process
Message-Id: <20060809201657.GA16401 () lorien ! mornfall ! net>
X-MARC-Message: https://marc.info/?l=kde-core-devel&m=115518929923354

On Wed, Aug 09, 2006 at 08:44:49PM +0200, Oswald Buddenhagen wrote:
> fwiw, by committing this you accept that a regular user can escape
> oom-killing to a certain degree for arbitrary applications (all that are
> launched by kdeinit) - i'm not sure how big the impact of -5 is, but i
> can imagine that's not something you *really* want in a multi-user
> environment.

I'd say it's not that big deal, since if something is being OOM-killed, the
system has been completely unusable for a few minutes already (unless
something changed in linux kernel since i last encountered an OOM kill). It's
probably useless as a DoS attack vector (if you can DoS the system, you could
do so already even without the oom-prevention privilege). I can't think of any
other way than DoS to exploit the privilege. Can you?

(In a multiuser system you probably want to have ulimits and enough swap to
avoid things like users triggering oom anyway -- being able to trigger oom
alone is probably enough to do nasty things to the system).

Yours, Peter.

-- 
Peter Rockai | me()mornfall!net | prockai()redhat!com | +421907533216 
   http://blog.mornfall.net | http://web.mornfall.net

"In My Egotistical Opinion, most people's C programs should be
 indented six feet downward and covered with dirt."
     -- Blair P. Houghton on the subject of C program indentation