Hello All
As per the discussion in the thread with subject as
Patch Related with Fork Bombing Attack on LKML,I have modified my
patch. I request you for the inclusion of my attached patch named
"fork.patch".
Summery of the Patch:
This patch Warns the administrator about the fork bombing attack
(whenever any user is crossing its process limit). I have used
printk_ratelimit function in this patch. This function helps to
prevent flooding of syslog and prints message as per the values set by
root user in following files:-
1) /proc/sys/kernel/printk_ratelimit:- This file contains value for,
how many times message should be printed in syslog.
2) /proc/sys/kernel/printk_ratelimit_burst: - This file contains value
for, after how much time message should be repeated.
This patch is really helpful for administrator/root user from security
point of view. They can take action against attacker by looking at
syslog messages related with fork bombing attack.
Added comments will definitely help developers.
Signed-Off-by: Anand Jahagirdar <[email protected]>
(not CCing security, since it's not a security bug and it's too late to
verify if they should be on cc. Will do later.)
Anand Jahagirdar <[email protected]> wrote:
> This patch Warns the administrator about the fork bombing attack
> (whenever any user is crossing its process limit). I have used
> printk_ratelimit function in this patch. This function helps to
> prevent flooding of syslog and prints message as per the values set by
> root user in following files:-
>
> 1) /proc/sys/kernel/printk_ratelimit:- This file contains value for,
> how many times message should be printed in syslog.
[...]
I'm wondering: Can these ratelimits be used to tell real forkbombs from
normal oops-i-hit-the-limits? I imagine if you have your private ratelimit,
that might just do the trick.
Beware: I have no idea on how much such an extra ratelimit would cost, and if
having that ratelimit-based detector would actually be a gain.
--
Ever notice how fast Windows runs? Neither did I.
Fri?, Spammer: [email protected] [email protected]
[email protected] [email protected]