[Issue 1071] DoS code on Windows Platform
d-bugmail at puremagic.com
Mon Jul 23 20:03:59 PDT 2007
http://d.puremagic.com/issues/show_bug.cgi?id=1071
------- Comment #6 from vietor at zettabytestorage.com 2007-07-23 22:03 -------
Seems I'm strongly in the minority here.
My chief concern is:
What is a sane value for a memory limit and what do you plan to do in 10 years
when it's no longer a sane value? Additionally, sane for who?
Calling compiler induced memory exhaustion a security risk is making a mountain
out of a molehill. At best it's a fairly weak DoS that though it will
dramatically reduce system performance as it pushes into swap, will be
automatically resolved by the OS when it hits the end of swap and is killed.
The likelihood of the memory allocation subsystem killing anything other than
the compiler gone wild is very small, but at worst this could result in
randomly killing other processes.
Calling this disastrous is playing to hysteria. If you are serious about
reliability in a multi-user environment, yet do not have per user resource
limits in order to prevent this sort of problem, then your sysadmin is not
doing their job.
Additionally, this is a compiler, it's a development tool. If you are running
it on mission critical servers that cannot withstand an easily contained memory
exhaustion, then you have far greater problems than a "misbehaving" compiler.
Solving this sort of problem by demanding that each application decide upon an
arbitrary memory limit to impose upon itself is asking for trouble. Any
situation in which this behavior will be a problem and not just an
inconvenience, almost certainly has far greater threats to worry about.
I recognize that I am being perhaps overly passionate about a trivial issue in
only one of two compilers for a language that is hardly mainstream, and that
regardless of how it's decided will probably never affect me as I detest
gratuitous preprocessing and compile time shenanigans. However, am I the only
one who thinks that creating situations in which valid operations will fail
without additional effort, in order to provide an expedient solution to a
problem better solved by other means, is the wrong thing to do?
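The per-process resource limit the comment points to as the better place to contain a runaway compiler, shown as an added example that is not from the bug thread or the D compiler: a POSIX address-space cap (RLIMIT_AS) under which an allocation-hungry process gets ENOMEM and keeps running, instead of dragging the whole machine into swap. It assumes Linux, where malloc honours RLIMIT_AS; the 512 MiB cap and 32 MiB chunk size are constructed values.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>

/* Cap this process's virtual address space at `bytes` (soft limit only;
 * an unprivileged process may lower but never raise its hard limit). */
int cap_address_space(rlim_t bytes) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_AS, &rl) != 0)
        return -1;
    if (rl.rlim_max != RLIM_INFINITY && rl.rlim_max < bytes)
        bytes = rl.rlim_max;          /* stay within the existing hard limit */
    rl.rlim_cur = bytes;
    return setrlimit(RLIMIT_AS, &rl);
}

/* Stand-in for a "compiler gone wild": take `chunk`-byte blocks until the OS
 * refuses, or `max_chunks` have been taken. Returns how many blocks the
 * process actually got before malloc failed. Pages are never touched:
 * RLIMIT_AS is enforced on mappings, so no RAM or swap is consumed. */
size_t allocate_until_refused(size_t chunk, size_t max_chunks) {
    void **blocks = calloc(max_chunks, sizeof *blocks);
    size_t got = 0;
    if (blocks == NULL)
        return 0;
    while (got < max_chunks) {
        void *p = malloc(chunk);
        if (p == NULL)
            break;                    /* limit hit: the process survives it */
        blocks[got++] = p;
    }
    for (size_t i = 0; i < got; i++)
        free(blocks[i]);
    free(blocks);
    return got;
}

int main(void) {
    const rlim_t cap = 512UL * 1024 * 1024;   /* 512 MiB, constructed value */
    const size_t chunk = 32UL * 1024 * 1024;  /* 32 MiB per allocation */
    if (cap_address_space(cap) != 0) {
        perror("setrlimit");
        return 1;
    }
    size_t got = allocate_until_refused(chunk, 1024);
    printf("got %zu x 32 MiB blocks before the OS refused\n", got);
    return 0;
}
```

The same cap can be applied from a login shell with `ulimit -v` (in KiB) so every process a user starts inherits it, which is the per-user arrangement the comment has in mind.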