Subject: Re: Fork bomb protection patch
To: NetBSD Kernel Technical Discussion List <tech-kern@netbsd.org>
From: Daniel Carosone <dan@geek.com.au>
List: tech-kern
Date: 12/05/2002 18:45:46
On Thu, Dec 05, 2002 at 02:34:15AM -0500, Greg A. Woods wrote:
> Anyone who thinks FreeBSD's fix will suffice alone against a
> knowledgeable attacker is also dreaming -- the CPU will still be very
> very busy if the attackers know what they're doing.

It's not supposed to suffice. It's supposed to help. It raises the
bar, so that attackers who *don't* know what they're doing are
likely to do less harm.

I think it will help in this way, and I like it.  Playing with the
nice of the forkmonster might also be something to consider.

> Any half-awake admin on a multi-user system will only let such a problem
> hit them once, and then they'll implement proper resource limits and get
> on to more important things.

And having set such limits, this will help enforce them when reached.

If you really want to be able to turn this behaviour off, feel free
to contribute code that makes it conditional on a sysctl.

--
Dan.