Subject: Re: CVS commit: syssrc/sys/kern
To: Jaromir Dolecek <jdolecek@netbsd.org>
From: Bill Studenmund <wrstuden@netbsd.org>
List: source-changes
Date: 12/05/2002 15:30:19
On Thu, 5 Dec 2002, Jaromir Dolecek wrote:
> Log Message:
> Couple fork-bomb defense changes:
>
> - leave 5 processes for root-only use, the previous value of 1
> was unsufficient to execute additional commands once logged, and
> perhaps also not enough to actually login remotely with recent (open)sshd
> - protect the log of "proc: table full" with ratecheck(), so that
> the message is only logged once per 10 seconds; though syslogd normally
> doesn't pass the repeated messages through, this avoids flooding
> syslogd and potentially also screen/logs
> - If the process hits either system limit of number of processes in system,
> or user's limit of same, force the process to sleep for 0.5 seconds
> before returning failure. This turns 2000 rampaging fork monsters into
> 2000 harmlessly snoozing fork monsters.
> The sleep is intentionally uninterruptible by signals.
>
> These are not intended as ultimate protection agains fork-bombs.
> Determined attacker can eat CPU differently than via repeating
> fork() calls. But this is good enough to help protect against
> programming mistakes or simple-minded tests.
>
> Based on FreeBSD kern_fork.c change in revision 1.132 by
> Mike Silbersack <silby at FreeBSD org>
>
> Change also discussed on tech-kern@NetBSD.org, thread
> 'Fork bomb protection patch'.
WHAT ARE YOU DOING!!!!
The thread you refer to is still on-going, and the last of Roland's posts
I've seen indicate that the .5 second wait is a load of crap. It doesn't
really help, and it's a kludge.
So why did you check it in, refering to a thread as being justification?
Please revert the sleep part (the rest seems fine).
Take care,
Bill