Subject: CVS commit: syssrc/sys/kern
To: None <source-changes@netbsd.org>
From: Jaromir Dolecek <jdolecek@netbsd.org>
List: source-changes
Date: 12/05/2002 18:24:46
Module Name:	syssrc
Committed By:	jdolecek
Date:		Thu Dec  5 16:24:46 UTC 2002

Modified Files:
	syssrc/sys/kern: kern_fork.c

Log Message:
Couple fork-bomb defense changes:

- leave 5 processes for root-only use, the previous value of 1
  was insufficient to execute additional commands once logged in, and
  perhaps also not enough to actually login remotely with recent (open)sshd
- protect the log of "proc: table full" with ratecheck(), so that
  the message is only logged once per 10 seconds; though syslogd normally
  doesn't pass the repeated messages through, this avoids flooding
  syslogd and potentially also screen/logs
- If the process hits either system limit of number of processes in system,
  or user's limit of same, force the process to sleep for 0.5 seconds
  before returning failure. This turns 2000 rampaging fork monsters into
  2000 harmlessly snoozing fork monsters.
  The sleep is intentionally uninterruptible by signals.

These are not intended as ultimate protection against fork-bombs.
A determined attacker can eat CPU differently than via repeating
fork() calls. But this is good enough to help protect against
programming mistakes or simple-minded tests.

Based on FreeBSD kern_fork.c change in revision 1.132 by
Mike Silbersack <silby at FreeBSD org>

Change also discussed on tech-kern@NetBSD.org, thread
'Fork bomb protection patch'.


To generate a diff of this commit:
cvs rdiff -r1.100 -r1.101 syssrc/sys/kern/kern_fork.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
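
Added example, not part of the commit and not NetBSD source: a userland C model of the three defenses the log message describes (5 slots reserved for root, a ratecheck()-style gate allowing one "proc: table full" line per 10 seconds, and a 0.5 second penalty before failure is returned). All names, the exact limit comparisons, and root's exemption from the per-user limit are assumptions of this model.

```c
#include <stdbool.h>

/* Userland model, not NetBSD source; every name here is hypothetical. */
#define ROOT_RESERVE 5    /* slots kept for root (from the log message) */
#define LOG_INTERVAL 10   /* seconds between "proc: table full" lines */
#define PENALTY_MS   500  /* sleep owed before failure is returned */

struct fork_policy {
    int  maxproc;   /* system-wide process limit */
    int  nprocs;    /* processes currently in the table */
    long last_log;  /* time of last log line, -1 if never logged */
    int  log_lines; /* log lines actually emitted */
};

enum fork_verdict { FORK_OK, FORK_DENY_SYS, FORK_DENY_USER };

/* ratecheck()-style gate: returns true at most once per interval. */
static bool rate_ok(long *last, long now, long interval)
{
    if (*last >= 0 && now - *last < interval)
        return false;
    *last = now;
    return true;
}

/* Admission decision; on denial *sleep_ms is the wait owed before failing. */
enum fork_verdict fork_admit(struct fork_policy *p, int uid, int user_procs,
                             int user_limit, long now, int *sleep_ms)
{
    /* Non-root callers see a table that is ROOT_RESERVE slots smaller. */
    int ceiling = (uid == 0) ? p->maxproc : p->maxproc - ROOT_RESERVE;

    *sleep_ms = 0;
    if (p->nprocs >= ceiling) {
        if (rate_ok(&p->last_log, now, LOG_INTERVAL))
            p->log_lines++;  /* stands in for the kernel log call */
        *sleep_ms = PENALTY_MS;
        return FORK_DENY_SYS;
    }
    if (uid != 0 && user_procs >= user_limit) {  /* assumption: root exempt */
        *sleep_ms = PENALTY_MS;
        return FORK_DENY_USER;
    }
    p->nprocs++;
    return FORK_OK;
}
```

With the penalty applied, each denied caller can retry at most twice per second, which is what bounds the CPU cost of a runaway fork loop in this model.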