Subject: Re: Fork bomb protection patch
To: None <mrfusion@uranium.vaxpower.org>
From: Havard Eidnes <he@netbsd.org>
List: tech-kern
Date: 12/05/2002 08:10:13
> but just denying the fork will also stop the fork bomb.


No.

> sure, it'll use a lot of cpu.

Exactly.

> an admin can come by and kill them off, though.

...with great effort and a bit of luck, if he can get at the required
CPU resources, which would be difficult because the fork bomb
processes are at this point (without the patch) all spinning doing a
system call -- fork().

To quote the FreeBSD commit log message at

  http://docs.freebsd.org/cgi/getmsg.cgi?fetch=614295+0+archive/2002/cvs-all/20020224.cvs-all

 - Force any process trying to fork beyond its user's maximum
   number of processes to sleep for .5 seconds before returning
   failure.  This turns 2000 rampaging fork monsters into 2000
   harmlessly snoozing fork monsters.

Now, I get the distinct impression some folks here are arguing about
this just for argument's sake.

Regards,

- Håvard
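
Added example, not part of the original message and not the NetBSD or FreeBSD code: a simplified single-CPU round-robin model of the argument above, comparing how long an admin's cleanup task waits for CPU when fork() is only denied versus denied after the .5 second sleep. The 2000 processes and the .5 second figure come from the quoted commit log; the per-call cost, time slice and admin workload are assumed values.

```c
#include <stdio.h>

#define MAX_PROC      4096
#define PENALTY_US    500000L  /* the .5 second sleep from the quoted commit log */
/* Assumed model parameters, not taken from the message: */
#define FORK_FAIL_US  50L      /* CPU cost of one failing fork() */
#define QUANTUM_US    10000L   /* round-robin time slice */
#define ADMIN_WORK_US 100000L  /* CPU time the admin's ps/kill session needs */

/* Wall-clock microseconds until the admin's task has received
 * ADMIN_WORK_US of CPU on a single CPU shared round-robin with nproc
 * processes that are at the per-user limit and keep calling fork().
 * penalty_us == 0 models "just deny the fork". */
long admin_latency_us(int nproc, long penalty_us)
{
    static long wake[MAX_PROC];
    long now = 0, admin_left = ADMIN_WORK_US;
    int i;

    if (nproc > MAX_PROC) nproc = MAX_PROC;
    for (i = 0; i < nproc; i++) wake[i] = 0;

    while (admin_left > 0) {
        for (i = 0; i < nproc; i++) {
            if (wake[i] > now) continue;      /* asleep inside fork() */
            if (penalty_us > 0) {
                now += FORK_FAIL_US;          /* one failed fork, then sleep */
                wake[i] = now + penalty_us;
            } else {
                now += QUANTUM_US;            /* retries fork() for its whole slice */
            }
        }
        long slice = admin_left < QUANTUM_US ? admin_left : QUANTUM_US;
        now += slice;
        admin_left -= slice;
    }
    return now;
}

int main(void)
{
    printf("deny only:    %ld us\n", admin_latency_us(2000, 0));
    printf("deny + sleep: %ld us\n", admin_latency_us(2000, PENALTY_US));
    return 0;
}
```

Under these assumptions the admin waits about 200 seconds when the fork is merely denied and about 0.2 seconds when each failed fork sleeps first.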