Re: fork() DoS?

Mark Mielke (mark@mark.mielke.cc)
Sun, 24 Mar 2002 11:23:36 -0500

The simplest way would be to limit _SC_CHILD_MAX. _POSIX_CHILD_MAX
looks like it is only 6. Another way would be to introduce a scheduler
which forced process/threads owned by the same uid to combat with each
other for a time slice, and each user be given a fair time slice. (A
little more complicated, but probably doable)

mark

On Sat, Mar 23, 2002 at 11:09:03PM +0100, Erik Tews wrote:
> On Fri, Mar 22, 2002 at 09:16:00AM -0600, Little, John wrote:
> > I'm really not a programmer, just learning, but was able to bring the system
> > to it's knees. This is a redhat 7.2 kernel. Is there anyway of preventing
> > this?
>
> There are some kernel-patches existing which limit the number of allowed
> forks per second. But there is a much shorter way for launching a
> forkbomb:
>
> :(){ :|:&};:
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/

-- 
mark@mielke.cc/markm@ncf.ca/markm@nortelnetworks.com __________________________
.  .  _  ._  . .   .__    .  . ._. .__ .   . . .__  | Neighbourhood Coder
|\/| |_| |_| |/    |_     |\/|  |  |_  |   |/  |_   | 
|  | | | | \ | \   |__ .  |  | .|. |__ |__ | \ |__  | Ottawa, Ontario, Canada


  One ring to rule them all, one ring to find them, one ring to bring them all
                       and in the darkness bind them...


                           http://mark.mielke.cc/


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/