Date: Mon, 3 Jan 2000 11:58:02 -0500 (EST)
From: kbyanc@posi.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: kern/15860: patch to make default kern.maxfilesperproc < kern.maxfiles
Message-ID: <200001031658.LAA12448@kronos.alcnet.com>

>Number: 15860
>Category: kern
>Synopsis: patch to make default kern.maxfilesperproc < kern.maxfiles
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Jan 3 09:00:01 PST 2000
>Closed-Date:
>Last-Modified:
>Originator: Kelly Yancey
>Release: FreeBSD 3.2-STABLE i386
>Organization:
>Environment:

FreeBSD 3.2-STABLE i386

>Description:

Kern.maxfilesperproc defaults to the same value as kern.maxfiles (MAXFILES in sys/conf/param.c). However, as noted in multiple threads on the -hackers mailing list, this behaviour can cause a rogue process to run away without root being able to kill it. Admittedly, this is purely the admin's fault for not setting limits, but there is no good reason to have the system default to a state that allows this to occur.

>How-To-Repeat:
>Fix:

The simple patch below reduces the maxfilesperproc to initially be less than maxfiles. The number 20 was more or less pulled out of thin air and feel free to adjust it, so long as the change gets made. I picked twenty simply because it is less than the minimum value of MAXFILES (which is 2*NPROC which is 72 when MAXUSERS is 1) and should be enough for root to login and run ps/kill.

- Kelly

--- sys/conf/param.c.orig Mon Jan 3 11:34:59 2000 +++ sys/conf/param.c Mon Jan 3 11:38:44 2000
@@ -80,7 +80,7 @@ int maxproc = NPROC; /* maximum # of processes */ int maxprocperuid = NPROC-1; /* maximum # of processes per user */ int maxfiles = MAXFILES; /* system wide open files limit */ -int maxfilesperproc = MAXFILES; /* per-process open files limit */ +int maxfilesperproc = MAXFILES - 20; /* per-process open files limit */ int ncallout = 16 + NPROC + MAXFILES; /* maximum # of timer events */ /* maximum # of mbuf clusters */ >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
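
Review bot: The literal 20 in the new `maxfilesperproc` initializer is an unexplained magic number in the code itself; the reasoning (headroom so root can still log in and run ps/kill once a single process has hit its limit) exists only in the PR text. Suggest a named constant or at least extending the comment on that line, e.g. `/* per-process open files limit; leaves 20 descriptors of system-wide headroom */`. Two limits of the approach are worth stating alongside it: the margin only holds against one runaway process, since with a per-process cap of `MAXFILES - 20` two processes can still fill the table between them, and the expression is a compile-time initializer, so it fixes the gap for the defaults only and does not follow `maxfiles` if that value is changed later.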