Subject: Re: Fork bomb protection patch
To: Bill Sommerfeld <sommerfeld@netbsd.org>
From: Lord Isildur <mrfusion@uranium.vaxpower.org>
List: tech-kern
Date: 12/06/2002 18:49:32
exactly. stop 'em first so they cant keep forking, and then pick them off 
at your leisure. in the situation where there were no slots reserved for root
(e.g. older linux systems (do newer ones reserve a slot? dontknow)), i 
exec'ed top to send signals.. 

isildur


On Fri, 6 Dec 2002, Bill Sommerfeld wrote:

> > Actually, yes it is hard.  I've cleaned up from several fork bombs and
> > you gotta get the right ps | grep | xargs kill right or the fork bomb
> > surives.  Even then there is a race between the ps and more processes
> > forking.  I usually have to run my ps | grep| xargs kill command
> > several times in a row to completely kill the forkbomb w/o a rate
> > limiter.
> 
> I've found that a two-stage cleanup works well:
> 
>  - SIGSTOP them all
>  - SIGKILL them all
> 
> If you start with SIGKILL, shooting processes while there are still
> live ones just creates more room for the live ones to expand into.
> 
>