Date: 10 Jul 2000 22:55:05 +0200 From: Cyrille Lefevre <clefevre%no-spam@citeweb.net> To: Narvi <narvi@haldjas.folklore.ee> Cc: core-ix@hushmail.com, freebsd-hackers@FreeBSD.ORG Subject: Re: Some proposals to FreeBSD kernel Message-ID: <puologd2.fsf@pc166.gits.fr> In-Reply-To: Narvi's message of "Mon, 10 Jul 2000 17:06:19 %2B0200 (EET)" References: <Pine.BSF.3.96.1000710165917.36592D-100000@haldjas.folklore.ee>
next in thread | previous in thread | raw e-mail | index | archive | help
Narvi <narvi@haldjas.folklore.ee> writes:
> [i think this might just as well belong in -questions]
>
> On 10 xxx -1 core-ix@hushmail.com wrote:
>
> > I'm 18-year-old newbie UNIX programmer that currently use
> > FreeBSD and is really thankfull of it.I run it on DUAL PII/333.
> >
> > Some days ago my friend tell me that with simple user rights
> > and whit only 1 line of code he could crash my machine. I laught
> > but he did it :(.
> >
> > What he wrote was ' int main(void) {while(1) fork(); }' compiled it
> > and run it. Within a second /kernel said "proc: table is full" and
> > died. I tried this on some other BSD unixes and the result was
> > same. (BTW Minix 2.0 seem unaffected and probably other SVR4
> > variants, because you can limit the number of system processes
> > and system still have resources to work fine(although slow))
> >
>
> And you can do the same with BSD. See limits(1), csh(1), sh(1),
> login.conf(5)
some time ago, I had a similar problem. too many processes forked, power off...
reboot impossible. the cause of this problem was to define nisdomainname w/
activating nis services. so portmap give up thoses processes to log errors
messages because it was trying to contact nis services which was not there.
I take some time to find /etc/login.conf. the question is, why all default
limits are so permissives (unlimited) by default ? as I remember, it took me
some days w/ many boots to find the reason of portmap failure. an idea would
be to add some limit to limit the number of processes forked by a process (at
one time in addition to the number of processes by user which may be relative
to the system wide limit (maxprocperproc=nproc-10). which is something like the
openfiles limit (w/o the system wide reference but which is possible as well,
like maxfilesperproc=nfiles-10).
Cyrille.
--
home:mailto:clefevre%no-spam@citeweb.net Supprimer "%no-spam" pour me repondre.
work:mailto:Cyrille.Lefevre%no-spam@edf.fr Remove "%no-spam" to answer me back.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?puologd2.fsf>