On 10 xxx -1 [EMAIL PROTECTED] wrote:
> Some days ago my friend told me that with simple user rights
> and with only 1 line of code he could crash my machine. I laughed
> but he did it :(.
>
> What he wrote was ' int main(void) {while(1) fork(); }' compiled it
> and ran it. Within a second /kernel said "proc: table is full" and
> died.

This DoS is probably as old as you are. :) Setting proper limits on
your system, like "maxproc" and "stacksize" et al. in /etc/login.conf
will clamp down on this.
"Security for a server also means protection against itself."

> So I sat down and wrote a static library that introduces a new fork()
> (nfork()) and _exit() (nexit()) whose only purpose is to lower the
> effect of fast fork()s by sleeping according to the number of times
> fork() was called.

Your code is always welcome here, :) however most people here will
just tell you what I've just told you.
Perhaps a discussion of something like FORK_RATELIMIT along the lines
of ICMP_BANDLIM is in order? After an adjustable threshold forks
slowly start slowing down, rather than coughing up a "Resource
temporarily unavailable"?
-Paul.
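
The threshold-then-slow-down behaviour suggested above for something like FORK_RATELIMIT, sketched in userland C as an added example; it is not code from this thread or from FreeBSD, and every name and tunable value in it is an assumption. A library wrapper of this kind only slows programs that choose to call it, so the kernel-enforced limits in /etc/login.conf remain the actual control.

```c
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Every name and value here is an assumption made for illustration. */
#define FORK_THRESHOLD    8     /* undelayed forks allowed per window */
#define FORK_WINDOW_SEC   1     /* length of the counting window */
#define FORK_STEP_MS      50    /* extra delay per fork past the threshold */
#define FORK_MAX_DELAY_MS 2000  /* cap: slow the caller, never hang it */

struct fork_limiter { time_t window_start; unsigned count; };

/* Delay in ms for the n-th fork (n >= 1) inside one window. */
unsigned fork_delay_ms(unsigned n) {
    if (n <= FORK_THRESHOLD)
        return 0;
    unsigned over = n - FORK_THRESHOLD;
    if (over >= FORK_MAX_DELAY_MS / FORK_STEP_MS)
        return FORK_MAX_DELAY_MS;
    return over * FORK_STEP_MS;
}

/* Record one fork at time `now`; a new window starts once the old one expires. */
unsigned limiter_charge(struct fork_limiter *l, time_t now) {
    if (now - l->window_start >= FORK_WINDOW_SEC) {
        l->window_start = now;
        l->count = 0;
    }
    return fork_delay_ms(++l->count);
}

/* fork() wrapper that sleeps first when the caller is over the threshold. */
pid_t limited_fork(struct fork_limiter *l) {
    unsigned ms = limiter_charge(l, time(NULL));
    struct timespec ts = { ms / 1000, (long)(ms % 1000) * 1000000L };
    if (ms)
        nanosleep(&ts, NULL);
    return fork();
}

int main(void) {  /* bounded demo: 12 short-lived children, each reaped at once */
    struct fork_limiter l = { 0, 0 };
    for (int i = 0; i < 12; i++) {
        pid_t p = limited_fork(&l);
        if (p == 0) _exit(0);
        if (p > 0) waitpid(p, NULL, 0);
    }
    return 0;
}
```

The limiter state is per process and is copied into each child by fork(), so it throttles each caller separately and does not bound the total number of processes.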