Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1760020AbXHTO0T (ORCPT ); Mon, 20 Aug 2007 10:26:19 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1759051AbXHTO0E (ORCPT ); Mon, 20 Aug 2007 10:26:04 -0400 Received: from wr-out-0506.google.com ([64.233.184.233]:49869 "EHLO wr-out-0506.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756382AbXHTO0C (ORCPT ); Mon, 20 Aug 2007 10:26:02 -0400 DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=q3ThGW+w3idthwNXhgZTqcasauM3g+BmLCga4rfnntnKH1kj99OuOHl9X/nAC5yrR8XtogQRBe8KS/24M6/vR2DT0Zs/Y9zvHUPsWM+U4THK2kF0l6ESMUDMDkEHg4VPZP9qjmeJwpLxVjIY+6uRWfz7w3q2yTxoxK+raPzakZQ= Message-ID: <25ae38200708200726tdf097b1kcd0269cf11c53bf3@mail.gmail.com> Date: Mon, 20 Aug 2007 19:56:00 +0530 From: "Anand Jahagirdar" To: "Krzysztof Halasa" Subject: Re: Fork Bombing Patch Cc: linux-kernel@vger.kernel.org In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <25ae38200708152324t4cbadc24ge05cd75f8f0e60e4@mail.gmail.com> Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1589 Lines: 38 Hi I think Its not worth to make it configurable just for one printk statement. am i missing something? anand On 8/16/07, Krzysztof Halasa wrote: > "Anand Jahagirdar" writes: > > > +++ linux-2.6.17/kernel/fork.c > > + /* > > + * following code does not allow Non Root User to cross its process > > + * limit and it alerts administrator about user Nearing the process limit. > > + */ > > + > > if (atomic_read(&p->user->processes) >= p->signal->rlim[RLIMIT_NPROC].rlim_cur) > > if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) && > > - p->user != &root_user) > > + p->user != &root_user) { > > + if (printk_ratelimit()) > > + printk(KERN_WARNING "User with uid %u is Nearing the process limit\n",p->user->uid); > > + > > goto bad_fork_free; > > At least make that configurable - on some systems users are allowed > 50 processes or so and I'm sure admins don't really want to know > which particular users are currently close to limits. > > I don't really find the above useful. Perhaps we should warn when users > try to write to R/O files or execute root-only commands etc? > -- > Krzysztof Halasa > - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/