All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Simon Arlott" <simon@fire.lp0.eu>
To: "Jan Engelhardt" <jengelh@computergmbh.de>
Cc: "Roland Dreier" <rdreier@cisco.com>,
	"Anand Jahagirdar" <anandjigar@gmail.com>,
	linux-kernel@vger.kernel.org, security@kernel.org,
	"Andrew Morton" <akpm@linux-foundation.org>,
	akpm@digeo.com, "Daniel Hazelton" <dhazelton@enter.net>,
	"Jens Axboe" <jens.axboe@oracle.com>,
	"Jiri Kosina" <jikos@jikos.cz>
Subject: Re: Patch related with Fork Bobmbing Attack
Date: Wed, 13 Jun 2007 12:34:09 +0100	[thread overview]
Message-ID: <38425.simon.1181734449@5ec7c279.invalid> (raw)
In-Reply-To: <Pine.LNX.4.64.0706121931390.19578@fbirervta.pbzchgretzou.qr>

On Tue, June 12, 2007 18:32, Jan Engelhardt wrote:
> On Jun 12 2007 10:04, Roland Dreier wrote:
>> > +	/*
>> > +         * following code does not allow Non Root User to cross its process
>> > +         * limit. it alerts administrator about fork bombing attack and prevents
>> > +         * it.
>> > +         */
>> >  	if (atomic_read(&p->user->processes) >= p->signal->rlim[RLIMIT_NPROC].rlim_cur)
>> >  		if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) &&
>> > -				p->user != &root_user)
>> > -
>> > +				p->user != &root_user) {
>> > +			if (printk_ratelimit())
>> > +                                printk(KERN_CRIT"User with uid %d is crossing its process
>> limit\n",p->user->uid);
>> >  			goto bad_fork_free;
>> > +		}

Why does this need to be KERN_CRIT? You can't assume that every time a process limit is reached that it's a
fork bomb.

-- 
Simon Arlott

  reply	other threads:[~2007-06-13 11:34 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-06-12 16:49 Patch related with Fork Bobmbing Attack Anand Jahagirdar
2007-06-12 17:04 ` Roland Dreier
2007-06-12 17:32   ` Jan Engelhardt
2007-06-13 11:34     ` Simon Arlott [this message]
2007-06-13 14:44       ` Daniel Hazelton
2007-06-13 20:25         ` Krzysztof Halasa

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=38425.simon.1181734449@5ec7c279.invalid \
    --to=simon@fire.lp0.eu \
    --cc=akpm@digeo.com \
    --cc=akpm@linux-foundation.org \
    --cc=anandjigar@gmail.com \
    --cc=dhazelton@enter.net \
    --cc=jengelh@computergmbh.de \
    --cc=jens.axboe@oracle.com \
    --cc=jikos@jikos.cz \
    --cc=linux-kernel@vger.kernel.org \
    --cc=rdreier@cisco.com \
    --cc=security@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.