[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

using activities in a DoS attack vector

From: Neal H. Walfield
Subject: using activities in a DoS attack vector
Date: Thu, 26 Jun 2008 16:07:12 +0200
User-agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.8 (Shij┼Ź) APEL/10.6 Emacs/21.4 (i486-pc-linux-gnu) MULE/5.0 (SAKAKI)

At Thu, 26 Jun 2008 13:32:53 +0200,
Bas Wijnen wrote:
> Can activities create children without limits?  In that case, this
> tree-walking does not have an upper limit on its completion time?

An activity is a normal object.  It is not treated much differently
from a page, a cappage, or a thread.  So, to answer your question,
insofar as an activity has memory, it have that many *active*
activities.  That's the key.  Viengoos only calculates statistics for
active activities.  An activity is active if it is in memory, and
activities are subject to the usual paging mechanisms (with the
exception that an activity may only be paged out if its children are
paged out and no object refers to it).

This limits the scope of such an attack to the amount of memory that
is available to an activity.  Nevertheless, generating statistics for
a large number of activities can still require a significant amount of
CPU time.  So far, I have only seriously addressed memory accouting.
Once CPU time is also consider, it makes sense to charge activities
for this service.  If an activity doesn't have any CPU time, neither
does its children.  Thus, we could simply stop recursing when we
encounter such an activity.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]