Subject: Re: Fork bomb protection patch
To: Jaromir Dolecek <jdolecek@netbsd.org>
From: Lord Isildur <mrfusion@uranium.vaxpower.org>
List: tech-kern
Date: 12/06/2002 19:08:32

you don't deny _all_ future forks. you deny _that_ particular fork, as per 
the lack of an available process slot within that user's quota of process 
slots.. something that we already do anyway. the user will fill his 
quota, and that's the end of it. the n processes that constitute that 
user's fork bomb attempt will keep trying til someone comes by and nukes 
them, but they won't do anything outside of the user's quota. to avoid 
collusion between multiple users, the reserved slots for root solve the 
problem. for a forkbomb running as root, there is always still the 
classic method of logging in (the getty execs login which execs the 
shell) and then exec'ing something like top where you can pick off and 
then kill the fork bomb at whim, all in the same process slot.
it really isn't a big deal to any sysadmin with much of any experience. 
isildur

On Wed, 4 Dec 2002, Jaromir Dolecek wrote:

> Lord Isildur wrote:
> > if the user has reached his limit, then he's not yet exceeded it.. 
> > albeit on the very edge of it, he should not be penalized for using the 
> > resources that he was already granted. refuse to give any further 
> > resources, sure.. but sleeping a process for .5s is an eternity! just 
> > deny the requesting process any further fork()s, as we already would do if
> > the table was full or the per-user limit was reached. 
> 
> Problem is that we can't 'deny further forks', since the program
> might be just an innocent system program bumping into a temporary process slot
> shortage or into its process limit. Sleeping there seems
> reasonable; it stops the bad guys, and isn't too annoying for the
> 'innocent' guys.
> 
> It would be quite simple to add some ratecheck() for how frequently
> the process bumps into the limit, but it seems like overkill; moreover,
> I guess that even 'innocent' system programs would loop trying
> to spawn children, so would bump into this ratecheck()-induced
> sleep anyway too.
> 
> Jaromir
> 
> > Upping the reserve for root seems good, though it's certainly 
> > aesthetically more pleasing to see it all done with a single slot.. 
> > my 0.02,
> > isildur
> > 
> > On Wed, 4 Dec 2002, Jaromir Dolecek wrote:
> > > * make process sleep for 0.5s if the system table is full
> > >   or when the user reaches their process number limit
> > 
> 
> 
> -- 
> Jaromir Dolecek <jdolecek@NetBSD.org>            http://www.NetBSD.org/
> -=- We should be mindful of the potential goal, but as the tantric    -=-
> -=- Buddhist masters say, ``You may notice during meditation that you -=-
> -=- sometimes levitate or glow.   Do not let this distract you.''     -=-
>
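
The admission policy argued over in this thread (refuse the individual fork once the user's quota or the table is exhausted, with slots held back for root), as a small user-space C model. This is an added example, not part of either poster's mail and not NetBSD kernel code; `fork_admit`, `proc_exit`, `fork_storm`, `struct proctable` and all constants are hypothetical.

```c
#include <errno.h>

/* Simplified user-space model; every name and constant here is hypothetical. */
#define MAXPROC      16  /* constructed: process table size */
#define ROOT_RESERVE  1  /* slots only uid 0 may take */
#define MAXUSERS      4  /* constructed: uids 0..3 */

struct proctable {
    int nprocs;             /* slots in use system-wide */
    int per_uid[MAXUSERS];  /* slots in use per uid */
    int uid_limit;          /* per-user quota */
};

/* Returns 0 and accounts the new process, or EAGAIN if this one fork is
 * denied. No state is kept against the caller, so a later fork can succeed. */
int fork_admit(struct proctable *t, int uid)
{
    if (uid < 0 || uid >= MAXUSERS)
        return EINVAL;
    if (t->nprocs >= MAXPROC)            /* table full: nobody gets a slot */
        return EAGAIN;
    if (uid != 0) {
        if (t->nprocs >= MAXPROC - ROOT_RESERVE)  /* kept back for root */
            return EAGAIN;
        if (t->per_uid[uid] >= t->uid_limit)      /* quota filled */
            return EAGAIN;
    }
    t->per_uid[uid]++;
    t->nprocs++;
    return 0;
}

/* A process exits or is killed by the admin: its slot is free again. */
void proc_exit(struct proctable *t, int uid)
{
    if (uid >= 0 && uid < MAXUSERS && t->per_uid[uid] > 0) {
        t->per_uid[uid]--;
        t->nprocs--;
    }
}

/* Issue `attempts` fork requests as uid; return how many were admitted. */
int fork_storm(struct proctable *t, int uid, int attempts)
{
    int admitted = 0;
    for (int i = 0; i < attempts; i++)
        if (fork_admit(t, uid) == 0)
            admitted++;
    return admitted;
}
```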