Subject: Re: Fork bomb protection patch (Was: Re: CVS commit: syssrc/sys/kern)
To: Brian Chase <>
From: Lord Isildur <>
List: tech-kern
Date: 12/08/2002 16:48:41
I coudlnt have put it better myself. The accumulation of dozens of
roto-apple-matics all over the place is the primary reason I run older
versions (1.3 or early 1.4's) wherever I can. Creepy featuritis is a
deadly ailment.
On Sun, 8 Dec 2002, Brian Chase wrote:
> The solution you've proposed (and committed to the tree at that)
> addresses one very specific and limited type of resource denial out of a
> whole class of those attacks. In light of these facts, I'd say the fix
> is about as "elegant" as a battery operated Roto-Apple-Matic purchased
> from a late night television advert. (ONLY $19.95! CALL NOW!) I should
> clarify the metaphor a bit...
> NetBSD, and Unices in general, already have a perfectly good tool for
> peeling apples; it's called a knife. The knife does take a bit of
> thought and some practice to become skilled with it. However, that same
> knife works just as well for peeling potatoes, zucchini, pears, carrots,
> etc. and it even chops and slices, too! Yes it's true that using our
> simple knife doesn't have the pushbutton convenience of the
> Roto-Apple-Matic, but the knife is extremely versatile and it doesn't
> waste shelf space while it sits idle, collecting a layer of dust from
> disuse.
> Oh, but surely I'm being rude. You've come to us, quite obviously with
> the best of intentions, and stuffed our holiday stockings with lovely
> new Roto-Apple-Matics! It is the thought that counts. Isn't it? Well,
> it's a very special device this Roto-Apple-Matic! It's a fine /fine/
> thing this wondrous technological marvel. I shall certainly have to
> peel some apples with this at some point. You don't happen to still
> have the receipt, do you?
> -brian.
> (Given we're at a bit of an impass on this, my requests are that (a) the
> free slot count for root be tunable, (b) the delay time be tunable, and
> that (c) this delay time be something that's enabled by the presence of
> a kernel configuration option. I don't think that's too much to ask.)