Re: Patch Related With Fork Bombing Attack

[Bodo Eggert]

(not CCing security, since it's not a security bug and it's too late to
 verify if they should be on cc. Will do later.)

Anand Jahagirdar <anandjigar@xxxxxxxxx> wrote:

> This patch Warns the administrator about the fork bombing attack
> (whenever any user is crossing its process limit). I have used
> printk_ratelimit function in this patch. This function helps to
> prevent flooding of syslog and prints message as per the values set by
> root user in following files:-
> 
> 1) /proc/sys/kernel/printk_ratelimit:- This file contains value for,
> how many times message should be printed in syslog.
[...]

I'm wondering: Can these ratelimits be used to tell real forkbombs from
normal oops-i-hit-the-limits? I imagine if you have your private ratelimit,
that might just do the trick.

Beware: I have no idea on how much such an extra ratelimit would cost, and if
having that ratelimit-based detector would actually be a gain.
-- 
Ever notice how fast Windows runs? Neither did I. 

Friß, Spammer: .w@xxxxxxxxxxxxxxxxxx N@xxxxxxxxxxxxxxxxxxxxxxxxxx
 99aLZMlkFe@xxxxxxxxxxxxxxxxxxxxx Bbga@xxxxxxxxxxxxxxxxxxxxxxxxxxx
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/