roadmap

Robert Day zarin at dscn.net
Mon Jan 5 04:03:46 PST 2004


On Mon, 2004-01-05 at 06:56, Christopher James Coleman wrote:
> On Mon, 5 Jan 2004, Thomas Sutton wrote:
> > Robustness could include using scripts to re-spaw essential daemons in
> > the event of failure and service lockup, core support for watchdog
> > timers, etc.
> 
> You do not always want to respawn a daemon on failure. This allows someone
> attempting to exploit a process to try repeatedly, as everytime they are
> unsuccessful you give them a new one. SegVGuard and/or GRSec have elements
> built into them that stop segfaulted processes coming back up for a
> specified time.

Well writtin daemontools / runit run scripts can have that added as
well. Most (all?) daemons can be forced to run in a chroot jail (and we
plan on this anyhow) - their resultant core dumps can be in a
predictable location, which can be checked via the run script. If there
is a core file, another script can be executed before the daemon is
started, and the actual start can be delayed by x amount of time. That
other script can include emailing a preconfigured system administrator,
sending a page to the admin via a pager gateway, sms gateway, etc. etc. 
Lots of options there that we can work on when the time comes.

  Rob Day (BOFH)




More information about the hlfs-dev mailing list