Message-ID: <38425.simon.1181734449@5ec7c279.invalid>
References: <25ae38200706120949vaeb8e0ascd182ef2f709d0fc@mail.gmail.com>
Date: Wed, 13 Jun 2007 12:34:09 +0100
Subject: Re: Patch related with Fork Bobmbing Attack
From: "Simon Arlott"
To: "Jan Engelhardt"
Cc: "Roland Dreier", "Anand Jahagirdar", linux-kernel@vger.kernel.org, security@kernel.org, "Andrew Morton", akpm@digeo.com, "Daniel Hazelton", "Jens Axboe", "Jiri Kosina"
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, June 12, 2007 18:32, Jan Engelhardt wrote:
> On Jun 12 2007 10:04, Roland Dreier wrote:
>> > + /* >> > + * following code does not allow Non Root User to cross its process >> > + * limit. it alerts administrator about fork bombing attack and prevents >> > + * it. 
>> > + */ >> > if (atomic_read(&p->user->processes) >= p->signal->rlim[RLIMIT_NPROC].rlim_cur) >> > if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) && >> > - p->user != &root_user) >> > - >> > + p->user != &root_user) { >> > + if (printk_ratelimit()) >> > + printk(KERN_CRIT"User with uid %d is crossing its process >> limit\n",p->user->uid); >> > goto bad_fork_free; >> > + }

Why does this need to be KERN_CRIT? You can't assume that every time a
process limit is reached that it's a fork bomb.

-- 
Simon Arlott
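
Review bot: the printk added inside the new `{ ... }` branch logs at KERN_CRIT for every fork refused at RLIMIT_NPROC, and the added comment describes that as a fork bombing attack, although the condition only establishes that the user's process count has reached rlim_cur. A lower level such as KERN_WARNING or KERN_NOTICE, with wording that reports the limit being hit rather than an attack, would match what the check actually proves. The comment should also make clear that the limit was already enforced by the existing `goto bad_fork_free;` and that only the rate-limited message is new. Smaller points on the same line: `p->user->uid` is unsigned, so `%u` fits better than `%d`, and `KERN_CRIT"User` and `\n",p->user->uid` want a space after the level macro and after the comma.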