Subject: Re: Fork bomb protection patch
To: Jaromir Dolecek <jdolecek@netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: tech-kern
Date: 12/04/2002 18:02:05
[ On Wednesday, December 4, 2002 at 22:24:35 (+0100), Jaromir Dolecek wrote: ]
> Subject: Re: Fork bomb protection patch
>
> Lord Isildur wrote:
> > if the user has reached his limit, then he's not yet exceeded it.. 
> > albeit on the very edge of it, he should not be penalized for using the 
> > resources that he was already granted. refuse to give any further 
> > resources, sure.. but sleeping a process for .5s is an eternity! just 
> > deny the requesting process any further fork()s, as we already would do if
> > the table was full or the per-user limit was reached. 
> 
> Problem is that we can't 'deny further forks', since the program

I think he means "deny the requesting process _this_ fork(), as we
already would do if the table was full or the per-user limit was
reached."

The sleep is unnecessary, undesirable, and really very inelegant --
programs that want to fork() reliably have either already learned to
deal with the issue in some way, or they are broken.  Forcing them to
sleep doesn't help anything -- the ones that are not buggy will sleep()
anyway.

Fearing a bunch of broken or purposefully CPU-looping processes is
irrational.  If that's a problem then the solution lies in adjusting
their scheduling priorities, not in forcing them to sleep iff they try
to fork()!

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>
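
The behaviour the message expects of a well-behaved caller, handling a refused fork() in user space by backing off and retrying, as an added C example; it is not part of the original post or of NetBSD's code. `fork_retry`, the stub functions, the retry count and the backoff values are hypothetical names and assumptions chosen for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical helper: retry only when the fork is refused with EAGAIN
 * (process table full or per-user limit reached), sleeping in user space. */
typedef pid_t (*fork_fn)(void);
int fork_attempts;                 /* forker() calls made by the last run */

pid_t fork_retry(fork_fn forker, int max_tries, long base_ms)
{
    long delay_ms = base_ms;
    fork_attempts = 0;
    for (int i = 0; i < max_tries; i++) {
        pid_t pid = forker();
        fork_attempts++;
        if (pid >= 0)
            return pid;            /* 0 in the child, child's pid in the parent */
        if (errno != EAGAIN)
            return -1;             /* e.g. ENOMEM: waiting will not help */
        if (i + 1 == max_tries)
            break;                 /* out of tries, do not sleep for nothing */
        struct timespec ts = { .tv_sec = delay_ms / 1000,
                               .tv_nsec = (delay_ms % 1000) * 1000000L };
        while (nanosleep(&ts, &ts) == -1 && errno == EINTR) { }
        if (delay_ms < 8000)
            delay_ms *= 2;         /* bounded exponential backoff */
    }
    errno = EAGAIN;
    return -1;
}

/* Constructed stand-ins for fork(), so the logic runs without forking. */
int stub_failures;                 /* EAGAIN failures left before success */
pid_t stub_fork(void)
{
    if (stub_failures > 0) { stub_failures--; errno = EAGAIN; return -1; }
    return 4242;                   /* constructed pid */
}
pid_t stub_enomem(void) { errno = ENOMEM; return -1; }

int main(void)
{
    stub_failures = 2;             /* real callers pass fork, not stub_fork */
    pid_t pid = fork_retry(stub_fork, 5, 10);
    printf("pid=%ld attempts=%d\n", (long)pid, fork_attempts);
    return 0;
}
```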