Subject: Re: CVS commit: syssrc/sys/kern
To: Jaromir Dolecek <jdolecek@netbsd.org>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-kern
Date: 12/05/2002 15:30:19
On Thu, 5 Dec 2002, Jaromir Dolecek wrote:

> Log Message:
> Couple fork-bomb defense changes:
>
> - leave 5 processes for root-only use, the previous value of 1
>   was unsufficient to execute additional commands once logged, and
>   perhaps also not enough to actually login remotely with recent (open)sshd
> - protect the log of "proc: table full" with ratecheck(), so that
>   the message is only logged once per 10 seconds; though syslogd normally
>   doesn't pass the repeated messages through, this avoids flooding
>   syslogd and potentially also screen/logs
> - If the process hits either system limit of number of processes in system,
>   or user's limit of same, force the process to sleep for 0.5 seconds
>   before returning failure. This turns 2000 rampaging fork monsters into
>   2000 harmlessly snoozing fork monsters.
>   The sleep is intentionally uninterruptible by signals.
>
> These are not intended as ultimate protection agains fork-bombs.
> Determined attacker can eat CPU differently than via repeating
> fork() calls. But this is good enough to help protect against
> programming mistakes or simple-minded tests.
>
> Based on FreeBSD kern_fork.c change in revision 1.132 by
> Mike Silbersack <silby at FreeBSD org>
>
> Change also discussed on tech-kern@NetBSD.org, thread
> 'Fork bomb protection patch'.

WHAT ARE YOU DOING!!!!

The thread you refer to is still on-going, and the last of Roland's posts
I've seen indicate that the .5 second wait is a load of crap. It doesn't
really help, and it's a kludge.

So why did you check it in, refering to a thread as being justification?

Please revert the sleep part (the rest seems fine).

Take care,

Bill