Hacker News new | past | comments | ask | show | jobs | submit login

Firefox won't crash if you raise the memory limit in /etc/login.conf. OpenBSD kills processes using more than 512MB by default.

Not quite what happens. OpenBSD doesn’t kill processes that use too much memory—it just causes any more memory allocation to fail. A well‐written program would detect that out‐of‐memory condition and try to handle it (maybe pause, or print a message to the user, or exit cleanly), but Firefox is not well‐written, and just crashes…

On the other hand, on Linux allocations succeed even when there isn’t enough memory on the system, and the OOM killer will kill a process once it starts using too much memory. Unlike the OpenBSD way, there’s no way for a process to detect that it’s using too much memory and handle it gracefully—you have to trust that the OOM killer is intelligent enough to never kill the wrong program…

Aborting on OOM is actually a deliberate decision by Firefox, to avoid the complication of dealing with failure cases (and NULLs getting everywhere) in every single memory allocation:


Thanks for clarifying.

I suppose it's more accurate to say that while OpenBSD doesn't kill processes outright, it maintains an environment where poor quality software will more likely crash than do harm.

The source of login(1) for anyone interested <http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/login/>.

Wow, I'll remember this the next time someone tells me memory allocations can't fail.

Seems like a great design overall, but I'm not sure how I feel about the fixed 512MB limit. That's too high in almost all cases, and too low for a few exceptions (e.g. browsers). Not that I have any suggestions for how to do it better, while still being reliable/predictable.

The limit is configurable, and is also set per login class. System daemons run with lower limits. If you create a user while installing, it’s added to the “staff” user class, which has higher limits than users added later—this works pretty well for the common use‐cases of “single user desktop” and “server meant to be accessed by multiple unprivileged users”. Of course, you can always configure these limits in login.conf if your situation doesn’t match up well.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact