Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1759972AbXHTOm6 (ORCPT ); Mon, 20 Aug 2007 10:42:58 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1753291AbXHTOmv (ORCPT ); Mon, 20 Aug 2007 10:42:51 -0400 Received: from mx1.redhat.com ([66.187.233.31]:44263 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752502AbXHTOmu (ORCPT ); Mon, 20 Aug 2007 10:42:50 -0400 Message-ID: <46C9A867.6090509@redhat.com> Date: Mon, 20 Aug 2007 10:42:47 -0400 From: Chris Snook User-Agent: Thunderbird 2.0.0.0 (X11/20070419) MIME-Version: 1.0 To: Anand Jahagirdar CC: linux-kernel@vger.kernel.org Subject: Re: Fork Bombing Patch References: <25ae38200708152324t4cbadc24ge05cd75f8f0e60e4@mail.gmail.com> <46C4BC46.7000305@redhat.com> <25ae38200708200724sbce2749m7eb27565d7c84e5e@mail.gmail.com> In-Reply-To: <25ae38200708200724sbce2749m7eb27565d7c84e5e@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1577 Lines: 31 Anand Jahagirdar wrote: > Hi > As Per the Previous Discussion of my Patch,I think insted of using > KERN_CRIT,it is better to lower the priority level to KERN_WARNING. > thats why i used KERN_WARNING.it will warn administrator and its > administrator responsibility to take whatever action he want to take. > > anand Philosophically, I'm okay with the idea of a forkbomb meriting KERN_WARN priority, but we should never have a printk that can be trivially triggered by an unprivileged user that gets anything higher than KERN_INFO. If I'm an attacker, and I want to do bad things without getting logged, the first thing I do is launch a carefully-tuned forkbomb that doesn't bog down the system, just triggers this message as often as the ratelimit will allow. Once /var/log is full, I can do my nastiness. Administrators need to be able to protect against that kind of thing without losing the ability to log KERN_WARN and higher priority messages. Also, I stand by my assertion that we should only be complaining if the hard limit is also exceeded, since it's totally valid for an application to self-constrain using soft limits. It may be uncommon, but the people who happen to use whatever applications do this will be very unhappy when they update their kernel and /var fills up from this spew. -- Chris - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/