On Mon, 1 May 2017 09:46:38 -0400 Rich Freeman wrote:
> On Sun, Apr 30, 2017 at 4:17 PM, Kai Krakow <hurikhan77@×××××.com> wrote:
> > On Sun, 30 Apr 2017 10:33:05 -0700
> > Jorge Almeida <jjalmeida@×××××.com> wrote:
> >
> >> It makes sense that the kernel has it. Should it be enabled? For a
> >> server, probably. For a single-user workstation? Maybe.
> >
> > Maybe I don't have the ordinary workstation, but I use it to limit
> > memory of sometimes-run-away services (memory-wise) and to control
> > resource usage of container machines I'm using during development.
> > Probably not the ordinary use-case...
> >
>
> Honestly, I can't think of why you wouldn't want to use it.

It is an additional attack surface. If there is no use for some
$feature on some system, it must be disabled. Also this subsystem
is still new in the kernel and there were many related
vulnerabilities in the past.

Best regards,
Andrew Savchenko