Jaromir Dolecek <jdolecek@netbsd.org> writes:
> It appeared there is no serious objection against the sleep.

If you think that our comments to the effect that we don't want it
constitute "no objection", then what WOULD be an objection?

Remove the sleep change. Remove it now.

Perry

> To avoid commits forth and back, I propose I'd leave things
> as they are for time being, and change once a consensus
> would be in place. I'm ready to remove the sleep, of course.
> 
> Jaromir
> 
> Bill Studenmund wrote:
> > On Thu, 5 Dec 2002, Jaromir Dolecek wrote:
> > 
> > > Log Message:
> > > Couple fork-bomb defense changes:
> > >
> > > - leave 5 processes for root-only use, the previous value of 1
> > >   was unsufficient to execute additional commands once logged, and
> > >   perhaps also not enough to actually login remotely with recent (open)sshd
> > > - protect the log of "proc: table full" with ratecheck(), so that
> > >   the message is only logged once per 10 seconds; though syslogd normally
> > >   doesn't pass the repeated messages through, this avoids flooding
> > >   syslogd and potentially also screen/logs
> > > - If the process hits either system limit of number of processes in system,
> > >   or user's limit of same, force the process to sleep for 0.5 seconds
> > >   before returning failure. This turns 2000 rampaging fork monsters into
> > >   2000 harmlessly snoozing fork monsters.
> > >   The sleep is intentionally uninterruptible by signals.
> > >
> > > These are not intended as ultimate protection agains fork-bombs.
> > > Determined attacker can eat CPU differently than via repeating
> > > fork() calls. But this is good enough to help protect against
> > > programming mistakes or simple-minded tests.
> > >
> > > Based on FreeBSD kern_fork.c change in revision 1.132 by
> > > Mike Silbersack <silby at FreeBSD org>
> > >
> > > Change also discussed on tech-kern@NetBSD.org, thread
> > > 'Fork bomb protection patch'.
> > 
> > WHAT ARE YOU DOING!!!!
> > 
> > The thread you refer to is still on-going, and the last of Roland's posts
> > I've seen indicate that the .5 second wait is a load of crap. It doesn't
> > really help, and it's a kludge.
> > 
> > So why did you check it in, refering to a thread as being justification?
> > 
> > Please revert the sleep part (the rest seems fine).
> > 
> > Take care,
> > 
> > Bill
> > 
> 
> 
> -- 
> Jaromir Dolecek <jdolecek@NetBSD.org>            http://www.NetBSD.org/
> -=- We should be mindful of the potential goal, but as the tantric    -=-
> -=- Buddhist masters say, ``You may notice during meditation that you -=-
> -=- sometimes levitate or glow.   Do not let this distract you.''     -=-
> 

-- 
Perry E. Metzger		perry@piermont.com