> On Wed, 10 Oct 2007 09:46:22 EDT, Gustavo Chain said: >> El Wed, 10 Oct 2007 15:14:06 +0930 >> David Newall <[EMAIL PROTECTED]> escribió: >> > That was what I thought you had in mind; it protects from some kind >> > of fork bomb, right? But it doesn't seem useful unless you guarantee >> > having a process already running (with CAP_SYS_ADMIN) *before* the >> > bomb goes off. >> >> Not really, because fork bomb will never reach maximum pid possible. >> And root will always have a "slot" to kill desired processes. > > What David meant was that "root will always have a slot" doesn't > *actually* > help unless you *also* have a way to actually *spawn* such a process. In > order > to do the ps, kill, and so on that you need to recover, you need to > already > have either a root shell available, or a way to *get* a root shell that > doesn't > rely on a non-root process (so /bin/su doesn't help here). > > Many distros will leave a /sbin/mingetty running on tty1 through tty6, and > you *can* use those to get a root shell. David's point is that without > something like that already in place, the patch doesn't help.... > >
but once you are logged in, how can you "spawn" processes (ps, kill, and so on) if the limit is reached ? - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
