MOO-cows Mailing List Archive

[Prev][Next][Index][Thread]

Re: Big strings => panic



On Fri, 19 Apr 1996, Matthew Sanderson wrote:
> Granted; would it then be possible to degrade slightly more gracefully,
> such as kill the huge task, rather than panicking? Malloc fails, kill the
> MOO task, sort of thing. I don't see that a server panic is either
> necessary or desirable or unavoidable in this situation.
> Although I realise it's a danger one has to live with, it would be really
> nice if giving someone a progbit did not give that person the power to
> panic the MOO. 1.8.0's task-quotas is a solution to the problem of
> forkbombs... but this problem remains (and some others).

not without a lot of odd heuristics munged througout your code.  How do 
you know if its a malloc panic from somebody creating a non-important 
string which can be trashed versus some other possible (more 
dangerous) problem?  Sure you can simply kill any running tasks when a 
panic is received, but that is just as bad (if not worse) in behaviour 
than simply panic'ing and shutting down, and its not even guarantee'd to 
solve the problem!

-Brandon Gillespie-


References:

Home | Subject Index | Thread Index