Defensive programming

Jack Diederich jack at performancedrivers.com
Sun Jun 1 15:12:54 CEST 2003


On Sun, Jun 01, 2003 at 05:24:32AM -0700, Jeremy Fincher wrote:
> Jack Diederich <jack at performancedrivers.com> wrote in message news:<mailman.1054463105.27128.python-list at python.org>...
> > Specific problems are 
> > best solved at specific layers, and DoS attacks that eat CPU are best solved
> > at the operating system level.
> 
> All the operating system can do is kill the runaway process; how is
> that acceptable for multiple client processes?
> 

Not very!  But the OS could send a catchable signal that means 'knock it off.'
The default behavior would be to kill the process, but the program could
redefine it if there is a smart way to cleanup & die.

This has the advantage that it works for all DoS attacks - the programmer
and the programmers of his language (python) don't have to anticipate and
avoid all possible attacks, known and unknown.  Killing the process is still 
a very reasonable default, staying alive during a DoS is your #1 priority.

CPU/memory quota policies would have to be explicitly defined by the
admin for particular programs & services.  The guys over on linux-kernel
have tried lots of heuristics to intelligently kill world-eating memory hogs
but all the heuristics fail in one way or another (killing init is a popular
misstep).

-jack





More information about the Python-list mailing list