It appeared there is no serious objection against the sleep.

To avoid commits forth and back, I propose I'd leave things
as they are for time being, and change once a consensus
would be in place. I'm ready to remove the sleep, of course.

Jaromir

Bill Studenmund wrote:
> On Thu, 5 Dec 2002, Jaromir Dolecek wrote:
> 
> > Log Message:
> > Couple fork-bomb defense changes:
> >
> > - leave 5 processes for root-only use, the previous value of 1
> >   was unsufficient to execute additional commands once logged, and
> >   perhaps also not enough to actually login remotely with recent (open)sshd
> > - protect the log of "proc: table full" with ratecheck(), so that
> >   the message is only logged once per 10 seconds; though syslogd normally
> >   doesn't pass the repeated messages through, this avoids flooding
> >   syslogd and potentially also screen/logs
> > - If the process hits either system limit of number of processes in system,
> >   or user's limit of same, force the process to sleep for 0.5 seconds
> >   before returning failure. This turns 2000 rampaging fork monsters into
> >   2000 harmlessly snoozing fork monsters.
> >   The sleep is intentionally uninterruptible by signals.
> >
> > These are not intended as ultimate protection agains fork-bombs.
> > Determined attacker can eat CPU differently than via repeating
> > fork() calls. But this is good enough to help protect against
> > programming mistakes or simple-minded tests.
> >
> > Based on FreeBSD kern_fork.c change in revision 1.132 by
> > Mike Silbersack <silby at FreeBSD org>
> >
> > Change also discussed on tech-kern@NetBSD.org, thread
> > 'Fork bomb protection patch'.
> 
> WHAT ARE YOU DOING!!!!
> 
> The thread you refer to is still on-going, and the last of Roland's posts
> I've seen indicate that the .5 second wait is a load of crap. It doesn't
> really help, and it's a kludge.
> 
> So why did you check it in, refering to a thread as being justification?
> 
> Please revert the sleep part (the rest seems fine).
> 
> Take care,
> 
> Bill
> 


-- 
Jaromir Dolecek <jdolecek@NetBSD.org>            http://www.NetBSD.org/
-=- We should be mindful of the potential goal, but as the tantric    -=-
-=- Buddhist masters say, ``You may notice during meditation that you -=-
-=- sometimes levitate or glow.   Do not let this distract you.''     -=-