Subject: inetd limits
To: None <email@example.com>
From: Tomas Svensson <firstname.lastname@example.org>
Date: 12/01/2001 20:10:54

How about adding a concurrency limit in inetd so that only a specified
number of simultaneous invocations of each service may be started? The
"rate" protection used now is not very effective; by default someone
can start a service 39 times per minute until the system hits the
process or memory limits. I suggest adding these flags to inetd(8):
Specify the default maximum number of simultaneous invocations
of each service; the default is unlimited. May be overridden on
a per service basis with the "max-child" parameter.
Specify the default maximum number of times a service can be
invoked in one minute; the default is 40. May be overridden on
a per service basis with the "max-rate" parameter.
And of course change the wait/nowait[:max] parameter in inetd.conf to

I have already implemented and tested this locally and can submit
patches if needed.
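
The difference between the existing rate limit and the proposed concurrency limit, shown as an added example that is not part of the original message and is not inetd source code. It is a simplified simulation: `peak_children`, its parameters, the fixed 60-second window and the constructed load are all assumptions made for illustration.

```c
#include <stdio.h>

#define MAX_LIVE 4096

/* Simulated per-service admission control (hypothetical model, not inetd source).
 * max_rate:  invocations allowed per 60 s window (0 = unlimited)
 * max_child: simultaneous children allowed (0 = unlimited)
 * A connection arrives every `gap` seconds for `duration` seconds and each
 * child runs for `lifetime` seconds. Returns the peak number of live children. */
int peak_children(int max_rate, int max_child, int gap, int lifetime, int duration)
{
    int exit_at[MAX_LIVE];   /* exit time of each live child */
    int live = 0, peak = 0, window_start = 0, in_window = 0;

    for (int t = 0; t < duration; t += gap) {
        /* reap children that have exited by time t */
        int kept = 0;
        for (int i = 0; i < live; i++)
            if (exit_at[i] > t)
                exit_at[kept++] = exit_at[i];
        live = kept;

        /* start a new one-minute rate window when the old one expires */
        if (t - window_start >= 60) {
            window_start = t;
            in_window = 0;
        }
        if (max_rate && in_window >= max_rate)
            continue;                 /* refused by the rate limit */
        if (max_child && live >= max_child)
            continue;                 /* refused by the concurrency limit */
        if (live >= MAX_LIVE)
            break;                    /* simulation table full */

        exit_at[live++] = t + lifetime;
        in_window++;
        if (live > peak)
            peak = live;
    }
    return peak;
}

int main(void)
{
    /* constructed load: one connection every 2 s for 10 min, children hang 1 h */
    printf("rate 40 only:        peak %d\n", peak_children(40, 0, 2, 3600, 600));
    printf("rate 40 + 10 child:  peak %d\n", peak_children(40, 10, 2, 3600, 600));
    return 0;
}
```

With long-lived children the rate limit alone lets the process count grow for as long as the load continues, while the concurrency limit bounds it regardless of how long each child runs.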