tech-kern: Re: Fork bomb protection patch (Was: Re: CVS commit: syssrc/sys/kern)

Subject: Re: Fork bomb protection patch (Was: Re: CVS commit: syssrc/sys/kern)
To: None <tls@rek.tjls.com>
From: Jaromir Dolecek <jdolecek@netbsd.org>
List: tech-kern
Date: 12/08/2002 20:47:12

Thor Lancelot Simon wrote:
> Here's a clue for you: every fall, like clockwork, this problem rears
> its head on basically every shared Unix system used to teach undergraduates
> how to write simple Unix programs *in the world*.

I realize this.

Fact is that administrators deal with the problem other way, i.e.
suspend the account, kick the person in butt, whatever. It's not
really a system bug that the fork-bomb is possible; it's feature
of multiuser time-sharing system. This is perhaps why nobody is
asking for any 'solution' or 'fix'. At least, I did not notice any
discussion about fork-bomb protection on our mailing lists, nor
among the admins while I was on university.

> If the solution you
> propose didn't totally suck, believe me, given the academic history of
> Berkeley Unix, it would be the default system behaviour by now.

Chance is nobody ever thought about solution like this. It is in
FreeBSD tree for about half a year only now. I guess that it did
not cause any ill effects for them so far, since there are no
further refinements to the behaviour in later commits, and the code
is still there (just shuffled a bit due to unrelated kernel changes).
They also have it pulled to stable branch, so FreeBSD 4.7
is likely to include it.

> I'll tell you what: let's pick an arbiter who's got as much relevant
> experience here as is available to us.  I've spent plenty of time
> running Unix timesharing systems, but I'm already involved in the
> debate.  If you come up with a solution that satisfies kre (after you
> show him the rest of this discussion), I'll drop my objections.  Does that 
> work for you?

Sure. How could I get him involved - just ask him to read whole thread?

Generally, I'd be really interested if the new behaviour causes
any problems on any real system. The change is very clever hack.
It definitely appears to solve the problem in hand in quite
elegant way. It's kinda "why I never thought about this?" thing.
I guess that more experience is needed to actually prove if the
behaviour is useful, or if it causes too many problems.

Jaromir
-- 
Jaromir Dolecek <jdolecek@NetBSD.org>            http://www.NetBSD.org/
-=- We should be mindful of the potential goal, but as the tantric    -=-
-=- Buddhist masters say, ``You may notice during meditation that you -=-
-=- sometimes levitate or glow.   Do not let this distract you.''     -=-