Date: Wed, 10 Oct 2007 09:46:22 -0400
From: Gustavo Chain <g@0xff.cl>
To: David Newall <david@davidnewall.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Reserve N process to root
Message-ID: <20071010094622.7b8121cf@0xff.cl>
In-Reply-To: <470C66A6.2060801@davidnewall.com>
References: <20071009194820.6c8d6e8d@0xff.cl>
	<470C2FA7.5030207@davidnewall.com>
	<20071010011523.7d6cca12@0xff.cl>
	<470C66A6.2060801@davidnewall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8BIT
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1082
Lines: 33

El Wed, 10 Oct 2007 15:14:06 +0930
David Newall <david@davidnewall.com> escribió:

> Gustavo Chain wrote:
> > El Wed, 10 Oct 2007 11:19:27 +0930
> > David Newall <david@davidnewall.com> escribió:
> >   
> >> Gustavo Chain wrote:
> >>     
> >>> I think it's necessary to reserve some pids to the super user.
> >>> 5 must be sufficient.
> >>>       
> >> Why?  (Sorry if I missed something.)
> >>     
> >
> > ¿ To prevent a posible DoS ?
> >   
> 
> That was what I thought you had in mind; it protects from some kind
> of fork bomb, right?  But it doesn't seem useful unless you guarantee 
> having a process already running (with CAP_SYS_ADMIN) *before* the
> bomb goes off.

Not really, because fork bomb will never reach maximum pid possible.
And root will always have a "slot" to kill desired processes.

-- 
Gustavo Chaín Dumit
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/