From owner-freebsd-hackers  Sun Feb  3 15: 6:24 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from espresso.q9media.com (espresso.q9media.com [216.254.138.122])
	by hub.freebsd.org (Postfix) with ESMTP id 3C1C437B417
	for <freebsd-hackers@freebsd.org>; Sun,  3 Feb 2002 15:06:22 -0800 (PST)
Received: (from mike@localhost)
	by espresso.q9media.com (8.11.6/8.11.6) id g13N2DZ08920;
	Sun, 3 Feb 2002 18:02:13 -0500 (EST)
	(envelope-from mike)
Date: Sun, 3 Feb 2002 18:02:13 -0500
From: Mike Barcroft <mike@freebsd.org>
To: Mike Makonnen <mike_makonnen@yahoo.com>
Cc: Gaspar Chilingarov <nm@web.am>, freebsd-hackers@freebsd.org
Subject: Re: fork rate limit
Message-ID: <20020203180213.B6496@espresso.q9media.com>
References: <20020202201551.GA89061@mail.web.am> <200202022052.g12KqOM17214@apollo.backplane.com> <20020202223546.GA430@mail.web.am> <200202030754.g137saC40573@blackbox.pacbell.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200202030754.g137saC40573@blackbox.pacbell.net>; from mike_makonnen@yahoo.com on Sat, Feb 02, 2002 at 11:54:36PM -0800
Organization: The FreeBSD Project
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

Mike Makonnen <mike_makonnen@yahoo.com> writes:
> On Sun, 3 Feb 2002 02:35:46 +0400
> Gaspar Chilingarov <nm@web.am> wrote:
> 
> > 		I've got such situation on our free shellbox set up in the
> > 		university - some newbies were kidding with old while(1) fork();
> > 		attack. Finnaly they got hit by memory limits set up for each
> > 		user, but anyway they were taking a lot of processor time. I
> > 		prefer to limit some uid's ability to do many forks in some
> > 		short period - like 'no more than 200 forks in 10 seconds' or
> > 		smthng like this.
> 
> Lock them out of the box for a while. If they do it again ban them
> forever. The students will learn pretty quickly not to do such things.

He should be able to pick his own administrative policy.

> This means less work for you, and no need to continuously maintain diffs
> against the kernel sources. IMO it's a *very,very* bad thing to
> introduce changes into the kernel that might introduce unintended side
> effects when the problem can be solved administratively.

Obviously he is intending his changes to be committed; hence, the
patches will be applicable to -CURRENT.  This is an area where FreeBSD
is lacking.  I can't understand why you wish to stifle his work.

Best regards,
Mike Barcroft

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message