-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, Oct 27, 2009 at 05:27:58PM +0500, surreal wrote: > I just caught hold of a C source code from 2005. This code is a local DoS > which fills up the entire memory on Linux 2.6.N kernels.
I guess you are talking about CVE-2008-5300 [1]. What happens there is that this program exhausts _kernel_ memory due to a bug. This bug is fixed in 2.6.27.8 [2] This has _nothing_ to do with the process taking 100% CPU: if they are available it would be a bug _not_ to give them to a process requesting it. The question is whether other processes get starved or get their share of resources. And the "classical" fork bomb posted elsewhere in this thread isnt a problem either: it is only possible whenever the process has enough permissions to hog resources. Cf. the manpage of ulimit to learn more. Folks, do your research. Ah. BTW. This is way off topic for this list. Regards [1] <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5300> [2] <http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.8> - -- tomás -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFK5/UoBcgs9XrR2kYRAj2DAJ9b36RSOZTDDrBwlqBp9kYnppbgkwCePQhE EjDxw5m0bfHCpXdBxu2kNak= =eweX -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
