Subject: Re: Fork bomb protection patch
To: None <tech-kern@netbsd.org>
From: David Young <dyoung@ojctech.com>
List: tech-kern
Date: 12/08/2002 00:32:51
On Sat, Dec 07, 2002 at 11:47:16PM -0500, Greg A. Woods wrote:
> 
> Obviously you can limit any and every process for any given user to some
> reasonable CPU time limit.
> 
> I.e. you can, now, today, reliably use RLIMIT_CPU to limit the CPU time
> of something like this genome program you mention, though you may have
> to give it a pseudo-UID in order to reliably and securely set this
> limit on the program.

  I cannot limit the CPU time of the genome program because when the
  original process for the program forks, its CPU time does not count
  against its child's limit.

  In other words, I cannot limit the CPU time for the process tree rooted
  at the genome program.

Dave

-- 
David Young             OJC Technologies
dyoung@ojctech.com      Engineering from the Right Brain
                        Urbana, IL * (217) 278-3933