tech-kern: Re: Fork bomb protection patch

Subject: Re: Fork bomb protection patch
To: None <dyoung@pobox.com>
From: Greg A. Woods <woods@weird.com>
List: tech-kern
Date: 12/07/2002 23:47:16
[ On Saturday, December 7, 2002 at 21:11:39 (-0600), David Young wrote: ]
> Subject: Re: Fork bomb protection patch
>
>   I have a problem with RLIMIT_CPU because there is no setting of it
>   with which I can confidently limit the C programming student or the
>   genome program to 30 minutes of CPU time.

Obviously you can limit any and every process for any given user to some
reasonable CPU time limit.

I.e. you can, now, today, reliably use RLIMIT_CPU to limit the CPU time
of something like this genome program you mention, though you may have
to give it a pseudo-UID in order to reliably and securely set this
limit on the program.

As for limiting the cumulative use of CPU time by a student, well.... 

>   Almost.  I am looking for recognition that there is a problem which
>   cumulative process accounting solves, because I think that solutions
>   to non-problems do not belong in NetBSD. =)

Obviously there has been recognition by many people of the value of
cumulative resource accounting, and even realtime or runtime
accumulation and enforcement of per-user (and even per-session) resource
accmounting and account limits, ever since the good old Multics days
(i.e. perhaps even before "UNIX" was born, though certainly by the late
1970's).

In unix and unix-like systems though you have to deal with these issues
by doing resource accounting in batch mode, not realtime/runtime, and as
a result your granularity for policy enforcement will be rather large
and thus the less useful than you might desire (though the more
resources you dedicate to keeping track of resource usage, the finer the
granularity will be).

Indeed these days many people do see these kinds of tools as obsolete,
but they obviously fail to appreciate and fully understand that even
though resources might be cheap, and often are not even really shared
simultaneously by users any more, resource accounting can still be
useful for enforcing many kinds of more interesting policies, not just
for the mundane job of extracting payment in return for usage....

For more information on what's presently available on NetBSD systems see
accton(8), acct(5), and sa(8).  (also ac(8) and utmp(5) too of course)

There are other existing open-source tools that might be relatively
easily adapted, such as SGI's GNU/Linux Comprehensive System Accounting
package:  http://oss.sgi.com/projects/csa/

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>