Subject: Re: Fork bomb protection patch
To: Jaromir Dolecek <jdolecek@netbsd.org>
From: Lord Isildur <mrfusion@uranium.vaxpower.org>
List: tech-kern
Date: 12/04/2002 15:20:38
if the user has reached his limit, then he's not yet exceeded it.. 
albeit on the very edge of it, he should not be penalized for using the 
resources that he was already granted. refuse to give any further 
resources, sure.. but sleeping a process for .5s is an eternity! just 
deny the requesting process any further fork()s, as we already would do if
the table was full or the per-user limit was reached. 
Upping the reserve for root seems good, though it's certainly 
aesthetically more pleasing to see it all done with a single slot.. 
my 0.02,
isildur

On Wed, 4 Dec 2002, Jaromir Dolecek wrote:
> * make process sleep for 0.5s if the system table is full
>   or when the user reaches their process number limit