Subject: Re: Fork bomb protection patch
To: M. Warner Losh <imp@bsdimp.com>
From: Greg A. Woods <woods@weird.com>
List: tech-kern
Date: 12/06/2002 12:43:20
[ On Friday, December 6, 2002 at 01:11:46 (-0700), M. Warner Losh wrote: ]
> Subject: Re: Fork bomb protection patch
>
> Actually, yes it is hard.  I've cleaned up from several fork bombs and
> you gotta get the right ps | grep | xargs kill right or the fork bomb
> survives.

It's really _not_ that hard.  Back to sysadmin remedial class for you!

(yes I too once wrote a fork-bomb that I called a "spawning spinning
top" where each child was self-reproducing and each was careful to
maximize its use of resources without getting itself killed accidentally
by stray signals and errors and such -- but this thread has finally come
to at least the consensus that it is only about a stupid fix that can
only possibly try to ease the impact of stupid accidents done by
ordinary users that are much more easily stopped with one well-placed
kill and then a simple followup kill or two and much more easily
controlled with proper resource limits:  i.e. this hack can't work
against malicious attackers and the battle's lost before it begins if
the fork-bomb is run as root so what's left are the situations where the
hack is not ever needed)

> Strange, but it works great for me.

You've got a very strange concept of "works great", I think.....

>  before the commit, I had lots of
> problems with forkbombs on systems that I had to deal with.

Wonders will never cease I suppose -- how did you manage to get so many
fork-bombs on your systems?  Pure dumb luck, or are you actually talking
about malicious users that can be better dealt with by other proper and
true fixes using resource limits and big sticks?  Why can't you just
kill the evil spawn yourself in the first place?  Why do you think you
need some kind of silly and incorrect kernel hack to help you out?

> Having lived several months in the forkbomb free zone of freebsd shows
> that this change is very worth while.

heh.

You're _NOT_ "free" of fork-bombs -- you just think you have it easier
when cleaning them up, but that's only because you haven't really
thought through the whole problem from beginning to end.  You haven't
really gained anything at all while in the meantime you have a kernel
that thinks it knows better when to delay some arbitrary process.

On FreeBSD you even have 'killall' to do most of the "hard" work for you.

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>