Subject: Re: Fork bomb protection patch (Was: Re: CVS commit: syssrc/sys/kern)
To: None <tech-kern@netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: tech-kern
Date: 12/08/2002 19:53:52
[ On Sunday, December 8, 2002 at 19:01:12 (-0500), Roland Dowdeswell wrote: ]
> Subject: Re: Fork bomb protection patch (Was: Re: CVS commit: syssrc/sys/kern) 
>
> On 1039380661 seconds since the Beginning of the UNIX epoch
> Jaromir Dolecek wrote:
> >
> >You are also right that e.g. inetd is in the same boat, tho IIRC
> >inetd does some connection throttling (allows only 100 per second?).
> 
> Yes, but 100 per second does not bound the number of children, it
> is only a bound on the derivative of the number of children.

Since inetd normally runs as root, it must do its own connection and
fork() throttling since the kernel cannot do it on its behalf without
endangering the whole system.

It is therefore not a very good example for the purposes of this thread.

Note that I've merged several such features from other implementations
to create a much more controllable inetd:  PR#18955

The login.conf(5) support I added though might be relevant to this
thread.  It ensures that the right RLIMIT settings are used for inetd's
children thus allowing the ultimate derivative number of children to be
controlled in the normal way.

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>
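The distinction the message turns on, a per-second throttle bounding only the rate of new children while an RLIMIT applied to the children bounds their count, can be seen directly with RLIMIT_NPROC. The program below is an added illustration, not code from Greg Woods' inetd patch or from PR#18955: `apply_maxproc()` lowers the soft RLIMIT_NPROC the way an inetd applying a login.conf(5) maxproc value would between fork() and exec(), and `fork_until_limit()` then behaves like a fork bomb and reports how many children it managed to create before fork() returned EAGAIN. The function names, the limit of 32 and the attempt count of 256 are assumptions for the example.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Lower the soft RLIMIT_NPROC of the calling process to maxproc, as an
 * inetd applying a login.conf(5) maxproc value would do in the child
 * before exec().  Only the soft limit is changed, and it is clamped to
 * the hard limit because an unprivileged process may not exceed that.
 * Returns 0 on success and stores the limit actually in force in
 * *effective; returns -1 (errno set) on failure.  (Hypothetical helper.) */
int apply_maxproc(rlim_t maxproc, rlim_t *effective)
{
    struct rlimit rl;

    if (getrlimit(RLIMIT_NPROC, &rl) != 0)
        return -1;
    rl.rlim_cur = maxproc;
    if (rl.rlim_max != RLIM_INFINITY && rl.rlim_cur > rl.rlim_max)
        rl.rlim_cur = rl.rlim_max;      /* cannot exceed the hard limit */
    if (setrlimit(RLIMIT_NPROC, &rl) != 0)
        return -1;
    if (effective != NULL)
        *effective = rl.rlim_cur;
    return 0;
}

#define MAX_KIDS 4096

/* Fork children that block forever, stopping at the first fork() failure
 * or after max_attempts.  *hit_limit is set to 1 if the failure was
 * EAGAIN, i.e. the process count limit was enforced.  Every child created
 * is killed and reaped before returning.  Note that RLIMIT_NPROC counts
 * all processes of the real uid system-wide, so the number returned is
 * the limit minus what the uid already owns, and that the kernel does not
 * apply the limit to uid 0 at all, which is exactly why inetd running as
 * root has to throttle itself.  (Hypothetical helper.) */
int fork_until_limit(int max_attempts, int *hit_limit)
{
    static pid_t kids[MAX_KIDS];
    int n = 0;

    if (max_attempts > MAX_KIDS)
        max_attempts = MAX_KIDS;
    *hit_limit = 0;

    while (n < max_attempts) {
        pid_t pid = fork();
        if (pid == 0) {
            for (;;)                     /* child: wait to be killed */
                pause();
        }
        if (pid < 0) {
            if (errno == EAGAIN)
                *hit_limit = 1;
            break;
        }
        kids[n++] = pid;
    }

    for (int i = 0; i < n; i++)
        kill(kids[i], SIGKILL);          /* SIGKILL: cannot be ignored */
    for (int i = 0; i < n; i++)
        waitpid(kids[i], NULL, 0);
    return n;
}

int main(void)
{
    rlim_t eff;
    int hit, n;

    if (apply_maxproc(32, &eff) != 0) {
        perror("setrlimit(RLIMIT_NPROC)");
        return 1;
    }
    printf("RLIMIT_NPROC soft limit now %lu\n", (unsigned long)eff);

    n = fork_until_limit(256, &hit);
    printf("created %d children before %s\n", n,
           hit ? "fork() returned EAGAIN (limit enforced)"
               : "giving up (limit not enforced, e.g. running as root)");
    return 0;
}
```

Run it as an ordinary user and the second line reports far fewer than 256 children; run it as root and the limit set by `apply_maxproc()` has no effect on fork(), so the count only stops at the attempt cap. A per-second throttle in the forking process would slow the loop down but never change where it stops.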