Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755689AbXFLQt7 (ORCPT ); Tue, 12 Jun 2007 12:49:59 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1754632AbXFLQtv (ORCPT ); Tue, 12 Jun 2007 12:49:51 -0400 Received: from py-out-1112.google.com ([64.233.166.179]:21874 "EHLO py-out-1112.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754641AbXFLQtu (ORCPT ); Tue, 12 Jun 2007 12:49:50 -0400 DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type; b=DSXQxZGxcHJsvhiyF98H70Uo+EXpuPWiN7LTgbzW6M6ftvylNrMDotzEZSkbc8ISanZLtACK3KNXGR2fJTS0SOjbB9zEgvag7bYp1VZQYMcUsIf+d0PPI5MRc2BqnpIBNVvJaFkjMNT3ZDN0U/ubqP0zUA1itwO3k/1ilSN1FDU= Message-ID: <25ae38200706120949vaeb8e0ascd182ef2f709d0fc@mail.gmail.com> Date: Tue, 12 Jun 2007 22:19:49 +0530 From: "Anand Jahagirdar" To: linux-kernel@vger.kernel.org, security@kernel.org, "Andrew Morton" , akpm@digeo.com, "Daniel Hazelton" , "Jens Axboe" , "Jiri Kosina" Subject: Patch related with Fork Bobmbing Attack MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_4915_16048807.1181666989465" Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 3127 Lines: 64 ------=_Part_4915_16048807.1181666989465 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Hello All As per the discussion in the thread with subject as Patch Related with Fork Bombing Attack on LKML, I request you for the inclusion of my attached patch named "fork.patch". Summery of the Patch: This patch warns the administrator about the fork bombing attack (whenever any user is crossing its process limit). I have used printk_ratelimit function in this patch. This function helps to prevent flooding of syslog and prints message as per the values set by root user in following files:- 1) /proc/sys/kernel/printk_ratelimit:- This file contains value for, how many times message should be printed in syslog. 2) /proc/sys/kernel/printk_ratelimit_burst: - This file contains value for, after how much time message should be repeated. This patch is really helpful for administrator/root user from security point of view. They can take action against attacker by looking at syslog messages related with fork bombing attack. Added comments will definitely help developers. Signed-Off-by: Anand Jahagirdar ------=_Part_4915_16048807.1181666989465 Content-Type: text/plain; name=fork.patch; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: base64 X-Attachment-Id: f_d2xkaf71 Content-Disposition: attachment; filename="fork.patch" SW5kZXg6IHJvb3QvRGVza3RvcC9hMS9saW51eC0yLjYuMTcudGFyLmJ6Ml9GSUxFUy9saW51eC0y LjYuMTcva2VybmVsL2ZvcmsuYwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSByb290Lm9yaWcvRGVza3RvcC9hMS9s aW51eC0yLjYuMTcudGFyLmJ6Ml9GSUxFUy9saW51eC0yLjYuMTcva2VybmVsL2ZvcmsuYwkyMDA3 LTA2LTA1IDE5OjE2OjI4LjAwMDAwMDAwMCArMDUzMAorKysgcm9vdC9EZXNrdG9wL2ExL2xpbnV4 LTIuNi4xNy50YXIuYnoyX0ZJTEVTL2xpbnV4LTIuNi4xNy9rZXJuZWwvZm9yay5jCTIwMDctMDYt MDUgMTk6MTg6MDcuMDAwMDAwMDAwICswNTMwCkBAIC05NTgsMTEgKzk1OCwxOCBAQAogCXJldHZh bCA9IC1FQUdBSU47CiAJCiAKKwkvKgorICAgICAgICAgKiBmb2xsb3dpbmcgY29kZSBkb2VzIG5v dCBhbGxvdyBOb24gUm9vdCBVc2VyIHRvIGNyb3NzIGl0cyBwcm9jZXNzCisgICAgICAgICAqIGxp bWl0LiBpdCBhbGVydHMgYWRtaW5pc3RyYXRvciBhYm91dCBmb3JrIGJvbWJpbmcgYXR0YWNrIGFu ZCBwcmV2ZW50cworICAgICAgICAgKiBpdC4KKyAgICAgICAgICovCiAJaWYgKGF0b21pY19yZWFk KCZwLT51c2VyLT5wcm9jZXNzZXMpID49IHAtPnNpZ25hbC0+cmxpbVtSTElNSVRfTlBST0NdLnJs aW1fY3VyKSAKIAkJaWYgKCFjYXBhYmxlKENBUF9TWVNfQURNSU4pICYmICFjYXBhYmxlKENBUF9T WVNfUkVTT1VSQ0UpICYmCi0JCQkJcC0+dXNlciAhPSAmcm9vdF91c2VyKSAKLQkKKwkJCQlwLT51 c2VyICE9ICZyb290X3VzZXIpIHsKKwkJCWlmIChwcmludGtfcmF0ZWxpbWl0KCkpCisgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIHByaW50ayhLRVJOX0NSSVQiVXNlciB3aXRoIHVpZCAl ZCBpcyBjcm9zc2luZyBpdHMgcHJvY2VzcyBsaW1pdFxuIixwLT51c2VyLT51aWQpOwogCQkJZ290 byBiYWRfZm9ya19mcmVlOworCQl9CiAJCQkJCiAKIAlhdG9taWNfaW5jKCZwLT51c2VyLT5fX2Nv dW50KTsK ------=_Part_4915_16048807.1181666989465-- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/