Re: Patch Related with Fork Bombing Attack

From: Simon Arlott
Date: Sun Jul 15 2007 - 04:48:57 EST


On 13/07/07 13:39, Anand Jahagirdar wrote:
> This patch Warns the administrator about the fork bombing attack
> (whenever any user is crossing its process limit). I have used

> + printk(KERN_WARNING "User with uid %u is crossing the process limit\n",p->user->uid);

I have mentioned this before when it was KERN_CRIT, why is this
KERN_WARNING? It seems reasonable to have loglevel at KERN_WARNING, then
it'd go to all consoles. Just because a fork bomb would trigger this
doesn't mean you can assume it is one and raise its severity.

If the limit is working correctly then there is no need to print anything...


Also, users can arbitrarily lower their limit at any time and trigger
this printk:

$ ulimit -Su 0
$ uptime
bash: fork: Resource temporarily unavailable


If you really think this is needed then the message needs changing,
because they haven't actually gone over the limit. I'm not sure how best
to word it. What about the other limits? Max memory size and cpu time
sound just as important as max user processes to me.

--
Simon Arlott
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/