Date: Sun, 9 Apr 2017 17:04:04 -0500
From: Robert Hailey
To: linux-kernel@vger.kernel.org
Subject: A long overdue fork-bomb defense ?! (idea + psuedocode, no patch yet)
Message-ID: <20170409170404.668d19c0@BE-Personal4>

Another fork bomb thread? Didn't we decide in the 90's that the answer was "configure process limits" or "if it was solvable surely a solution would have been found by now"?

Somewhat continuing from: https://lkml.org/lkml/2011/4/8/275
...but a more refined idea and pseudocode.

AFAICS I have "the ultimate solution to fork bombs"...
the synopsis:

* When we run out of process table space, clear the worst offenders, and erect a "wall" in the forkbomb's cgroup for the rest of the fork bomb to hurriedly run into and die a horrible death.

But the efficacy of one's own ideas is hard to judge, so I would appreciate anyone smarter than me either:

* pointing out how horribly wrong I am, or
* helping flesh out the idea into a patch or proof-of-concept that it might be tested

... otherwise my lack of C-language skill and kernel experience might make this languish for years to come until anything actually comes of this.

If you are interested, of course, the pseudocode is here for your dissection:

* http://osndok.com/pubfiles/forkbomb-patch.html

If it is more appropriate to dump the pseudocode into the email thread, I can do that instead... I don't know what is preferred.

Thanks in advance.

--
Robert Hailey
(Non-subscriber, please CC me in responses)