From owner-freebsd-hackers  Sat Feb  2 23:54:41 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from mta6.snfc21.pbi.net (mta6.snfc21.pbi.net [206.13.28.240])
	by hub.freebsd.org (Postfix) with ESMTP id A797437B405
	for <freebsd-hackers@freebsd.org>; Sat,  2 Feb 2002 23:54:37 -0800 (PST)
Received: from blackbox.pacbell.net ([64.173.11.174])
 by mta6.snfc21.pbi.net (iPlanet Messaging Server 5.1 (built May  7 2001))
 with ESMTP id <0GQY00LMG5YZ53@mta6.snfc21.pbi.net> for
 freebsd-hackers@freebsd.org; Sat, 02 Feb 2002 23:54:37 -0800 (PST)
Received: (from mikem@localhost)	by blackbox.pacbell.net (8.11.6/8.11.6)
 id g137saC40573; Sat, 02 Feb 2002 23:54:36 -0800 (PST envelope-from mikem)
Date: Sat, 02 Feb 2002 23:54:36 -0800
From: Mike Makonnen <mike_makonnen@yahoo.com>
Subject: Re: fork rate limit
In-reply-to: <20020202223546.GA430@mail.web.am>
To: Gaspar Chilingarov <nm@web.am>
Cc: freebsd-hackers@freebsd.org
Message-id: <200202030754.g137saC40573@blackbox.pacbell.net>
MIME-version: 1.0
X-Mailer: Sylpheed version 0.6.5 (GTK+ 1.2.10; i386--freebsd4.4)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
References: <20020202201551.GA89061@mail.web.am>
 <200202022052.g12KqOM17214@apollo.backplane.com>
 <20020202223546.GA430@mail.web.am>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

On Sun, 3 Feb 2002 02:35:46 +0400
Gaspar Chilingarov <nm@web.am> wrote:

> 		I've got such situation on our free shellbox set up in the
> 		university - some newbies were kidding with old while(1) fork();
> 		attack. Finnaly they got hit by memory limits set up for each
> 		user, but anyway they were taking a lot of processor time. I
> 		prefer to limit some uid's ability to do many forks in some
> 		short period - like 'no more than 200 forks in 10 seconds' or
> 		smthng like this.

Lock them out of the box for a while. If they do it again ban them
forever. The students will learn pretty quickly not to do such things.
This means less work for you, and no need to continuously maintain diffs
against the kernel sources. IMO it's a *very,very* bad thing to
introduce changes into the kernel that might introduce unintended side
effects when the problem can be solved administratively.


cheers,
mike makonnen

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message