Date: Wed, 6 Feb 2002 01:13:58 +0400
From: nm
To: Dan Nelson
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: fork rate limit
Message-ID: <20020205211358.GA407@mail.web.am>

First of all, thanks to all for giving their opinions :)

I prefer to enforce both some preventive software measures as well as administrative ones. But I do not want some kiddie/newbie/clueless one to take down a box that is shared among many other students as well.

After listening to all your opinions, I'm sure that this is to be implemented. I'll go on.

-skip-

-> Killing off parent procs could really upset a regular user who is
-> running ./configure, which could easily spawn a couple hundred processes
-> in 10 seconds.
-> Maybe simply delay the fork() until the rate drops?
->
-> --
-> Dan Nelson
-> dnelson@allantgroup.com

First of all, I suggest killing not the parent but the children. They must die with an EAGAIN error, as the fork(2) manual page describes. If we delay forks, we will exhaust all kernel memory promptly.

Second - I specifically talked about 2 limits - how many processes to spawn and in what time range - i.e. you can allow '1000 processes for 60 secs' and it'll allow ./configure to run.

[IMPLEMENTATION QUESTIONS]

Can I suggest that rlim_t is at least 32 bits long? I want to pack the process limit and period length in one double word. (For example, 16 bits for the process count limit and 16 for time; it gives a range from 1 fork in 18 hours :) to 2^16 forks in 1 second.)

Or should I create 2 different RLIMIT_ constants?

thanx in advance

--
Gaspar Chilingarov
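The packed limit and the refuse-with-EAGAIN behaviour proposed in the message above, as an added example that is not part of the original post and is not FreeBSD kernel code: a userspace C model of a fixed-window fork counter. All `frl_*` names, the bit layout (count in the high half, seconds in the low half) and the rule that a zero period means "no limit" are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical names throughout; a userspace model, not kernel code. */
/* Assumed layout: high 16 bits = max forks, low 16 bits = period in seconds. */
static uint32_t frl_pack(uint16_t n, uint16_t s) { return ((uint32_t)n << 16) | s; }
static uint16_t frl_max(uint32_t v)    { return (uint16_t)(v >> 16); }
static uint16_t frl_period(uint32_t v) { return (uint16_t)(v & 0xffffu); }

struct frl_state {            /* per-user accounting */
    int64_t  window_start;    /* start of the current window, in seconds */
    uint32_t forks;           /* forks granted in this window */
    int      started;         /* 0 until the first fork is seen */
};

/* Returns 0 if the fork may proceed, EAGAIN if it must be refused. */
static int frl_check(struct frl_state *st, uint32_t limit, int64_t now)
{
    uint16_t period = frl_period(limit);
    if (period == 0) return 0;    /* assumption: zero period means "no limit" */
    if (!st->started || now - st->window_start >= period) {
        st->window_start = now;   /* open a new window */
        st->forks = 0;
        st->started = 1;
    }
    if (st->forks >= frl_max(limit))
        return EAGAIN;            /* refused at once; nothing is queued */
    st->forks++;
    return 0;
}

/* Attempt n forks at time `now`; return how many were refused. */
static uint32_t frl_burst(struct frl_state *st, uint32_t limit, uint32_t n, int64_t now)
{
    uint32_t refused = 0;
    for (uint32_t i = 0; i < n; i++)
        refused += (frl_check(st, limit, now) == EAGAIN);
    return refused;
}

int main(void)
{
    uint32_t limit = frl_pack(1000, 60);   /* '1000 processes for 60 secs' */
    struct frl_state st = {0};
    printf("300 forks at t=0:  %u refused\n", (unsigned)frl_burst(&st, limit, 300, 0));
    printf("5000 forks at t=5: %u refused\n", (unsigned)frl_burst(&st, limit, 5000, 5));
    return 0;
}
```

A fixed window like this one can admit up to twice the limit when a burst straddles a window boundary, which matters when choosing the count.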