Subject: Re: Fork bomb protection patch
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Richard Earnshaw <firstname.lastname@example.org>
Date: 12/07/2002 02:10:49
> > Of course, to make this really robust against a 'smart' bomb that
> > spots its mates getting SIGSTOPped and SIGCONTing them, if a process
> > is SIGSTOPped by root, then only root should be able to continue it
> > again.
> What about a smartbomb that just SIGKILLs stopped peers, letting
> someone re-fork a replacement? Should a root-SIGSTOPped process be
> unkillable at all by anyone but root?
Hmm, a smart bomb that cleans up after itself :-) One less for root to
remove once the system is finally under controll.