zarin at dscn.net
Mon Jan 5 04:03:46 PST 2004
On Mon, 2004-01-05 at 06:56, Christopher James Coleman wrote:
> On Mon, 5 Jan 2004, Thomas Sutton wrote:
> > Robustness could include using scripts to re-spawn essential daemons in
> > the event of failure and service lockup, core support for watchdog
> > timers, etc.
> You do not always want to respawn a daemon on failure. This allows someone
> attempting to exploit a process to try repeatedly, as every time they are
> unsuccessful you give them a new one. SegVGuard and/or GRSec have elements
> built into them that stop segfaulted processes coming back up for a
> specified time.
Well-written daemontools / runit run scripts can have that added as
well. Most (all?) daemons can be forced to run in a chroot jail (and we
plan on this anyhow) - their resultant core dumps can be in a
predictable location, which can be checked via the run script. If there
is a core file, another script can be executed before the daemon is
started, and the actual start can be delayed by x amount of time. That
other script can include emailing a preconfigured system administrator,
sending a page to the admin via a pager gateway, sms gateway, etc. etc.
Lots of options there that we can work on when the time comes.
Rob Day (BOFH)
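
The run-script check described in the message above, as an added example that is not part of the original post or of the HLFS project: before starting the chrooted daemon it looks for a core file in the jail, sets it aside, notifies the administrator and delays the restart. JAIL, DELAY, ADMIN, the /sbin/exampled daemon and the function names are hypothetical, and the default notifier assumes a mailx-style `mail` command is installed.

```shell
#!/bin/sh
# Added example: daemontools/runit "run" script. All paths and names below
# are hypothetical values chosen for illustration.
JAIL=${JAIL:-/var/jail/exampled}   # chroot root; cores land in the daemon's cwd
DELAY=${DELAY:-300}                # seconds to hold off a restart after a crash
ADMIN=${ADMIN:-root}
CORES_FOUND=0

# Default notifier: mail the admin (assumes a mailx-style `mail`).
notify_admin() {
    printf '%s\n' "$1" | mail -s "daemon crash on $(hostname)" "$ADMIN"
}

# check_core_and_delay JAIL DELAY NOTIFY_CMD
# Sets aside any core file found in JAIL, calls NOTIFY_CMD once with a
# message, then sleeps DELAY seconds. Sets CORES_FOUND to the number moved.
check_core_and_delay() {
    jail=$1 delay=$2 notify=$3
    CORES_FOUND=0
    stamp=$(date +%Y%m%d%H%M%S)
    for core in "$jail"/core "$jail"/core.*; do
        # Skip symlinks: this script runs outside the jail, so a link planted
        # by a compromised daemon would resolve against the real root.
        [ -f "$core" ] && [ ! -L "$core" ] || continue
        # Rename so the next start is not delayed again; cores can hold
        # secrets, so restrict access to the saved copy.
        saved="$jail/crash-$stamp-${core##*/}"
        mv "$core" "$saved"
        chmod 600 "$saved"
        CORES_FOUND=$((CORES_FOUND + 1))
    done
    if [ "$CORES_FOUND" -gt 0 ]; then
        "$notify" "$CORES_FOUND core file(s) in $jail; restart delayed ${delay}s"
        sleep "$delay"
    fi
}

main() {
    check_core_and_delay "$JAIL" "$DELAY" notify_admin
    exec chroot "$JAIL" /sbin/exampled
}

# The supervisor invokes this file as ./run; only then start the daemon.
case "$0" in
    run|*/run) main ;;
esac
```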