Subject: Re: Fork bomb protection patch
To: None <tech-kern@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-kern
Date: 12/05/2002 10:13:37

> But, you have the same problem if you have 2000 programs doing:

> 	for (;;)
> 		getpid();

> or any other system call.  Why should fork(2) be special?

Because fork() is the call that, when spun on, makes one process
explode into a system-killing wabbit.

Or, to put it another way, it's a lot easier to create 2000 processes
spinning on fork than 2000 processes spinning on getpid.

Yes, against someone _trying_ to lock up the system, this is
insufficient.  It is _very_ hard to withstand DoS attacks by someone
who can run arbitrary programs, and I'm not sure I see great value in
trying.  Far more common, though, is someone with no particular malice
but more curiosity than sense, or someone with not even that but with a
coding bug.  Against those, this will help greatly.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B