MOO-cows Mailing List Archive
Re: Big strings => panic
On Fri, 19 Apr 1996, Matthew Sanderson wrote:
> Granted; would it then be possible to degrade slightly more gracefully,
> such as kill the huge task, rather than panicking? Malloc fails, kill the
> MOO task, sort of thing. I don't see that a server panic is either
> necessary or desirable or unavoidable in this situation.
> Although I realise it's a danger one has to live with, it would be really
> nice if giving someone a progbit did not give that person the power to
> panic the MOO. 1.8.0's task-quotas is a solution to the problem of
> forkbombs... but this problem remains (and some others).
not without a lot of odd heuristics munged througout your code. How do
you know if its a malloc panic from somebody creating a non-important
string which can be trashed versus some other possible (more
dangerous) problem? Sure you can simply kill any running tasks when a
panic is received, but that is just as bad (if not worse) in behaviour
than simply panic'ing and shutting down, and its not even guarantee'd to
solve the problem!
Subject Index |