Re: Re: MS Internet Explorer 7 Denial Of Service Exploit
- From: Glynn Clements <glynn@xxxxxxxxxxxxxxxxxx>
- Date: Sat, 22 Nov 2008 22:14:51 +0000
On Konqueror 3.5.9, what happens is that this childish code builds a
huge string, eats memory, causes swapping, and finally blows away
Konq. Linux and X and everything else stay up and recover nicely.

This isn't an exploit -- at least not on Linux -- it's just kiddie
stupidity. It doesn't take any particular cleverness to blow memory by
dynamically creating bigger and bigger data structures. With virtual
memory and 64-bit pointers, when exactly do we return -ENOMEM?

When RLIMIT_AS has been exceeded.

If you disable the use of mmap'd-malloc() via mallopt(M_MMAP_MAX, 0),
you can effectively limit malloc() via RLIMIT_DATA.

If you really want to allow a single process to use all available RAM
for itself, you can; but you don't have to.

It might be nice if the browser limited the amount of memory which
Glynn Clements <glynn@xxxxxxxxxxxxxxxxxx>
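
Added example, not part of the original message: a C program that caps a forked child with setrlimit() and counts how much malloc() hands out before it returns NULL with ENOMEM, for the RLIMIT_AS case and the mallopt(M_MMAP_MAX, 0) plus RLIMIT_DATA case named above. The helper name chunks_until_enomem, the 1 MiB chunk size and the 64 MiB cap are assumptions made for illustration; Linux with glibc is assumed for mallopt().

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __GLIBC__
#include <malloc.h>               /* mallopt(), M_MMAP_MAX (glibc only) */
#endif
#define CHUNK      (1024 * 1024)  /* ask for 1 MiB per malloc() call */
#define MAX_CHUNKS 4096           /* stop here if the limit is never enforced */
static void *volatile sink;       /* keeps the compiler from dropping malloc() */

/* Hypothetical helper: in a forked child, cap `resource` at `limit` bytes and
 * allocate until malloc() fails. Returns the number of chunks obtained before
 * malloc() returned NULL with errno == ENOMEM, or -1 if that never happened. */
long chunks_until_enomem(int resource, rlim_t limit, int disable_mmap)
{
    int fd[2]; long n = -1;
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                          /* child: the runaway allocator */
        struct rlimit rl = { limit, limit };
        long got = 0, result = -1;
        if (setrlimit(resource, &rl) != 0) _exit(2);
#ifdef __GLIBC__
        if (disable_mmap) mallopt(M_MMAP_MAX, 0);  /* heap grows via brk() only */
#endif
        while (got < MAX_CHUNKS && (sink = malloc(CHUNK)) != NULL) got++;
        if (got < MAX_CHUNKS && errno == ENOMEM) result = got;
        _exit(write(fd[1], &result, sizeof result) == sizeof result ? 0 : 3);
    }
    close(fd[1]);
    if (read(fd[0], &n, sizeof n) != sizeof n) n = -1;  /* child died early */
    close(fd[0]);
    waitpid(pid, NULL, 0);
    return n;
}

int main(void)
{
    rlim_t cap = (rlim_t)64 * 1024 * 1024;   /* constructed 64 MiB cap */
    printf("RLIMIT_AS: ENOMEM after %ld MiB\n", chunks_until_enomem(RLIMIT_AS, cap, 0));
    printf("RLIMIT_DATA, mmap off: ENOMEM after %ld MiB\n", chunks_until_enomem(RLIMIT_DATA, cap, 1));
    return 0;
}
```

A result of -1 means the limit was not hit within MAX_CHUNKS. setrlimit(2) documents that since Linux 4.7 RLIMIT_DATA is also applied to mmap(2), so on current kernels the second case is capped even without the mallopt() call.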