Subject: Re: Fork bomb protection patch
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Richard Earnshaw <>
List: tech-kern
Date: 12/07/2002 02:10:49
> > Of course, to make this really robust against a 'smart' bomb that
> > spots its mates getting SIGSTOPped and SIGCONTing them, if a process
> > is SIGSTOPped by root, then only root should be able to continue it
> > again.
> What about a smartbomb that just SIGKILLs stopped peers, letting
> someone re-fork a replacement?  Should a root-SIGSTOPped process be
> unkillable at all by anyone but root?

Hmm, a smart bomb that cleans up after itself :-)  One less for root to 
remove once the system is finally under controll.