On 1039072213 seconds since the Beginning of the UNIX epoch
Havard Eidnes wrote:
>

>...with great effort and a bit of luck, if he can get at the required
>CPU resources, which would be difficult because the fork bomb
>processes are at this point (without the patch) all spinning doing a
>system call -- fork().

But, you have the same problem if you have 2000 programs doing:

	for (;;)
		getpid();

or any other system call.  Why should fork(2) be special?  Just
because there is an old local DOS attack that used it?

If a process or a number of processes can kill the machine just by
spinning on forks that always fail, then I believe that this
underlines a more serious issue that should be addressed and not
papered over.

If consensus is to penalise the offending process, I'd like to put
forward the notion of just adding a large number to p_estcpu rather
than tsleeping.  At least then the solution would work within the
current scheduler to some degree.

--
    Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/