| 1 |
On Mon, 1 May 2017 09:46:38 -0400 Rich Freeman wrote: |
| 2 |
> On Sun, Apr 30, 2017 at 4:17 PM, Kai Krakow <hurikhan77@×××××.com> wrote: |
| 3 |
> > Am Sun, 30 Apr 2017 10:33:05 -0700 |
| 4 |
> > schrieb Jorge Almeida <jjalmeida@×××××.com>: |
| 5 |
> > |
| 6 |
> >> It makes sense that the kernel has it. Should it be enabled? For a |
| 7 |
> >> server, probably. For a single-user workstation? Maybe. |
| 8 |
> > |
| 9 |
> > Maybe I don't have the ordinary workstation, but I use it to limit |
| 10 |
> > memory of sometimes-run-away services (memory-wise) and to control |
| 11 |
> > resource usage of container machines I'm using during development. |
| 12 |
> > Probably not the ordinary use-case... |
| 13 |
> > |
| 14 |
> |
| 15 |
> Honestly, I can't think of why you wouldn't want to use it. |
| 16 |
|
| 17 |
It is an additional attack surface. If there is no use for some |
| 18 |
$feature on some system, it must be disabled. Also this subsystem |
| 19 |
is still new in the kernel and there were many related |
| 20 |
vulnerabilities in the past. |
| 21 |
|
| 22 |
Best regards, |
| 23 |
Andrew Savchenko |
Archives