Subject: Re: Fork bomb protection patch
To: None <sommerfeld@netbsd.org>
From: Richard Earnshaw <rearnsha@buzzard.freeserve.co.uk>
List: tech-kern
Date: 12/07/2002 00:32:12
> > Actually, yes it is hard. I've cleaned up from several fork bombs and
> > you gotta get the right ps | grep | xargs kill right or the fork bomb
> > survives. Even then there is a race between the ps and more processes
> > forking. I usually have to run my ps | grep | xargs kill command
> > several times in a row to completely kill the forkbomb w/o a rate
> > limiter.
>
> I've found that a two-stage cleanup works well:
>
> - SIGSTOP them all
> - SIGKILL them all
>
> If you start with SIGKILL, shooting processes while there are still
> live ones just creates more room for the live ones to expand into.
>
>
Of course, to make this really robust against a 'smart' bomb that spots
its mates getting SIGSTOPped and SIGCONTs them, if a process is
SIGSTOPped by root, then only root should be able to continue it again.
R.
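
The two-stage cleanup discussed in this thread, as an added example that is not part of the original messages or of the NetBSD patch: it repeats the SIGSTOP pass until a listing shows no process that has not already been stopped, then sends SIGKILL to the frozen set. The function names, the `max_passes` bound and the use of `ps -o pid= -U` to list a user's processes are assumptions of this sketch.

```python
import os
import signal
import subprocess

def pids_of(uid):
    """PIDs currently owned by uid, listed with ps (assumed available)."""
    out = subprocess.run(["ps", "-o", "pid=", "-U", str(uid)],
                         capture_output=True, text=True).stdout
    return {int(p) for p in out.split()} - {os.getpid()}

def send(pid, sig):
    """Deliver sig, ignoring processes that exited after the listing."""
    try:
        os.kill(pid, sig)
    except ProcessLookupError:
        pass

def two_stage_cleanup(uid, list_pids=pids_of, signal_pid=send, max_passes=50):
    """Freeze every process of uid, then kill the frozen set.

    Stage 1 repeats until a listing contains no PID that has not already
    been stopped, which closes the race between the listing and new forks.
    Returns (stopped_pids, passes).
    """
    stopped = set()
    for passes in range(1, max_passes + 1):
        fresh = list_pids(uid) - stopped
        if not fresh:
            break  # nothing runnable is left to fork
        for pid in sorted(fresh):
            signal_pid(pid, signal.SIGSTOP)
        stopped |= fresh
    else:
        raise RuntimeError("process set never went quiet")
    # Stage 2: every process is frozen, so freed slots are not refilled.
    for pid in sorted(stopped):
        signal_pid(pid, signal.SIGKILL)
    return stopped, passes
```

Run as root, this handles the listing race but not a process that sends SIGCONT to its stopped siblings; that case needs the kernel-side restriction proposed in the reply above.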