Defensive programming
Jack Diederich
jack at performancedrivers.com
Sun Jun 1 09:12:54 EDT 2003
On Sun, Jun 01, 2003 at 05:24:32AM -0700, Jeremy Fincher wrote:
> Jack Diederich <jack at performancedrivers.com> wrote in message news:<mailman.1054463105.27128.python-list at python.org>...
> > Specific problems are
> > best solved at specific layers, and DoS attacks that eat CPU are best solved
> > at the operating system level.
>
> All the operating system can do is kill the runaway process; how is
> that acceptable for multiple client processes?
>
Not very! But the OS could send a catchable signal that means 'knock it off.'
The default behavior would be to kill the process, but the program could
redefine it if there is a smart way to cleanup & die.
This has the advantage that it works for all DoS attacks - the programmer
and the programmers of his language (python) don't have to anticipate and
avoid all possible attacks, known and unknown. Killing the process is still
a very reasonable default, staying alive during a DoS is your #1 priority.
CPU/memory quota policies would have to be explicitly defined by the
admin for particular programs & services. The guys over on linux-kernel
have tried lots of heuristics to intelligently kill world-eating memory hogs
but all the heuristics fail in one way or another (killing init is a popular
misstep).
-jack
More information about the Python-list
mailing list