Yeah I'd say for media files, unless you have a specially-hardened fully-memory-safe parser (that supports first-class resource limits for stuff like zip-bomb prevention), you're better off stuffing that off into a subprocess call to let the OS do the resource limits for you, even if the subprocess is still using "safe" parsers.
If you're using subprocess sandboxing anyways, I'd also consider looking into cgroups for additional resource limits; they can do a lot more than you might think, including memory and CPU time and such *as a subset of their parent cgroup*, so you can make it so they can never starve the service itself of CPU time, even if you have the service already limited by a cgroup and accidentally start shitloads of them at once.
Emelia/Emi
npub18a…7pj7v
2025-03-05 02:04:01 UTC
in reply to nevent1q…r4ea
Author Public Key
npub18awg073vadjxw7vst9v3dduvxjulc7x7jjyskvqkjfa99xn28zdqj7pj7vSeen on
wss://relay.momostr.pinkPublished at
2025-03-05 02:04:01 UTCEvent JSON
{
"id": "ef2aa646d0cd0a097a3235b748485ed397923a7b6d8b8f98c4b5d04b88e0496f",
"pubkey": "3f5c87fa2ceb64677990595916b78c34b9fc78de94890b3016927a529a6a389a",
"created_at": 1741140241,
"kind": 1,
"tags": [
[
"p",
"4014f060ca2d2c1ededbca93ba6100f82d96b0bcadba56a82f0ecc9ab1d468c0"
],
[
"e",
"65c2ab932b24ad388ebc7853cf37645c462438cf8289ff33bb25d7198323509f",
"",
"root",
"4014f060ca2d2c1ededbca93ba6100f82d96b0bcadba56a82f0ecc9ab1d468c0"
],
[
"p",
"3f5c87fa2ceb64677990595916b78c34b9fc78de94890b3016927a529a6a389a"
],
[
"e",
"4511eb7304256228cfabef722108dc206b306d2dc2f155f8b95a5df50cb8d9ec",
"",
"reply",
"4014f060ca2d2c1ededbca93ba6100f82d96b0bcadba56a82f0ecc9ab1d468c0"
],
[
"proxy",
"https://tech.lgbt/@becomethewaifu/114107366848482501",
"web"
],
[
"proxy",
"https://tech.lgbt/users/becomethewaifu/statuses/114107366848482501",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://tech.lgbt/users/becomethewaifu/statuses/114107366848482501",
"pink.momostr"
],
[
"-"
]
],
"content": "Yeah I'd say for media files, unless you have a specially-hardened fully-memory-safe parser (that supports first-class resource limits for stuff like zip-bomb prevention), you're better off stuffing that off into a subprocess call to let the OS do the resource limits for you, even if the subprocess is still using \"safe\" parsers. \n\nIf you're using subprocess sandboxing anyways, I'd also consider looking into cgroups for additional resource limits; they can do a lot more than you might think, including memory and CPU time and such *as a subset of their parent cgroup*, so you can make it so they can never starve the service itself of CPU time, even if you have the service already limited by a cgroup and accidentally start shitloads of them at once.",
"sig": "a72e38086f028879aa9dfc625cbad8efcdf1d6c7cae6fbbad3a1cc38360c568608320db260eec0247090a0395bb614c13190d195a2848f03403451103292af9b"
}