> The question is - Is the default Linux kernel maximum process value
> high enough so that lots of empty address spaces can be created and
> bring down the host? In my experience, the answer would be no.

The process limit doesn't apply to address spaces, just new processes.
What does apply to address spaces is the address space limit as they are
populated. In a skas UML, all pages mapped into any of its address spaces
are counted against its address space limit.
will create lots of address spaces without any pages mapped into them, so
the address space limit doesn't help. The kernel memory consumption of
an empty address space is sizeof(struct mm_struct) (== 344 bytes on 2.5) +
PAGE_SIZE (for the top-level page directory) == 4340 bytes + probably some
other small stuff. Since the address spaces are empty, this won't count in
any way against any resource limit.

A skas UML won't actually do this, since any of its address spaces will likely
have at least 3 pages mapped (text, data, stack, plus some shared library
and loader pages). These will count against UML's address space limit on the
host, but this is still nearly optimal from a DOS standpoint since it is
consuming one kernel page (for the page table page) for every user page that
counts against the limit.

Also, an infinite open("/proc/mm") loop run inside a UML with /proc/mm
enabled will turn into the same loop on the host.

So, in short,
  - it is possible to DOS the host from a skas UML with a ton of little
    processes or an open("/proc/mm") loop
  - lots of non-trivial processes will hit either an internal UML limit
    (i.e. memory) or the host address space limit (if it's set) before DOS-ing

However, if you're running a hosting service, and you have a customer DOS-ing
you, I would think that you would kick the customer off rather than look for
limits that would make the attacks ineffective.
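
Added example, not part of the original message: since no resource limit counts empty address spaces, a host-side monitor can instead watch the mm_struct cache in /proc/slabinfo and estimate the kernel memory held by address spaces that host processes do not account for. The function names, the slack and alert thresholds, and the sample slabinfo text are assumptions constructed for illustration.

```python
# Added example: estimate kernel memory pinned by address spaces that no
# host process accounts for, using the mm_struct line of /proc/slabinfo.
PAGE_SIZE = 4096  # assumption: one 4 KiB page per top-level page directory

# Constructed sample; columns start: name active_objs num_objs objsize ...
SAMPLE_SLABINFO = """\
slabinfo - version: 1.1
vm_area_struct      5120   5192     64    88    88    1
mm_struct          20150  20163    344  1832  1833    1
files_cache          140    144    416    16    16    1
"""


def mm_cache(slabinfo_text):
    """Return (active_objs, objsize) for the mm_struct cache, or None."""
    for line in slabinfo_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "mm_struct":
            return int(fields[1]), int(fields[3])
    return None


def unowned_address_spaces(slabinfo_text, host_mm_owners, slack=32,
                           alert_bytes=16 * 1024 * 1024):
    """Compare live mm_structs with the address spaces host processes own.

    host_mm_owners: number of distinct address spaces the caller counted
    from the host process table (threads share one; kernel threads have none).
    slack: tolerance for legitimate extra address spaces (assumed value);
    a skas UML legitimately holds one per guest process, so tune per host.
    """
    entry = mm_cache(slabinfo_text)
    if entry is None:
        raise ValueError("no mm_struct line in slabinfo text")
    active, objsize = entry
    extra = max(0, active - host_mm_owners - slack)
    # Per address space: the mm_struct itself plus its page directory page.
    pinned = extra * (objsize + PAGE_SIZE)
    return {"extra": extra, "bytes": pinned, "alert": pinned >= alert_bytes}


if __name__ == "__main__":
    print(unowned_address_spaces(SAMPLE_SLABINFO, host_mm_owners=150))
```

On a live host the text would come from reading /proc/slabinfo, which usually requires root.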