Subject: Re: Fork bomb protection patch
To: Bill Studenmund <wrstuden@netbsd.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-kern
Date: 12/06/2002 20:48:42
On Fri, Dec 06, 2002 at 05:29:38PM -0800, Bill Studenmund wrote:
> On Sat, 7 Dec 2002, Daniel Carosone wrote:
>
> > On Fri, Dec 06, 2002 at 06:49:32PM -0500, Lord Isildur wrote:
> > > exactly. stop 'em first so they cant keep forking, and then pick them off
> > > at your leisure.
> >
> > Pardon me - isn't that what the sleep part of this change does for you?
>
> Yes and no.
>
> While the sleep part will do that, you don't need the sleep part to
> achieve it.
Furthermore, it's trivial to avoid ever hitting the sleep, with about ten
seconds of thought. Get the processes rlimit before you start forking, and
use IPC via pipes or a shared memory segment (e.g. one shared by related
processes using mmap()) to control who can fork when. Between forks,
just do random fast system calls to eat CPU.
In other words, this change is not *sufficient* to stop even a trivial
deliberate attack on the system, while it is not *necessary* to stop
accidental forkmonsters from eating all system resources -- rlimit and
kill work quite nicely for that already. It is a poor idea and should
never have been committed to our tree.
Thor