From owner-freebsd-hackers Mon Apr 10 1: 5:16 2000
Delivered-To: freebsd-hackers@freebsd.org
Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20])
	by hub.freebsd.org (Postfix) with ESMTP id 9C28C37B638
	for ; Mon, 10 Apr 2000 01:05:11 -0700 (PDT)
	(envelope-from bright@fw.wintelcom.net)
Received: (from bright@localhost)
	by fw.wintelcom.net (8.10.0/8.10.0) id e3A8VdT27768;
	Mon, 10 Apr 2000 01:31:39 -0700 (PDT)
Date: Mon, 10 Apr 2000 01:31:39 -0700
From: Alfred Perlstein
To: Bjoern Fischer
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: efficiency of maxproc hardlimit
Message-ID: <20000410013139.R4381@fw.wintelcom.net>
References: <20000410094436.A778@frolic.no-support.loc>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <20000410094436.A778@frolic.no-support.loc>; from bfischer@Techfak.Uni-Bielefeld.DE on Mon, Apr 10, 2000 at 09:44:36AM +0200
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

* Bjoern Fischer [000410 01:15] wrote:
> Hello,
>
> up till now I was convinced that a proper /etc/login.conf
> provides enough protection against silly dos efforts like
> fork bombs.
>
> Well, while a hard maxproc of 64 protects very well against
>
> echo '#!/bin/sh
> a &
> a &' > a; chmod 755 a; ./a
>
> but it fails to prevent that this
>
> main(){fork();main();}
>
> leaves the machine in an unusable state (it does ping
> back, one may break into the kernel debugger, but no
> io).
>
> Any way to prevent this (without harming the user)?

Please reread the documentation on limits.

cputime         unlimited
filesize        unlimited
datasize        256MB      <-
stacksize       64MB       <-
coredumpsize    unlimited
memoryuse       unlimited
memorylocked    unlimited
maxproc         4115
descriptors     8232
sockbufsize     unlimited

If appropriate limits are in place and you still get problems then
let us know.

--
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."
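Added example, not part of the original message or of FreeBSD: a small C audit of the three limits this thread turns on (maxproc, plus the datasize and stacksize lines marked in the reply), read with getrlimit() for the calling process. The verdict names and the helper functions are this example's own, and the maxproc * (datasize + stacksize) ceiling is an assumption about what an administrator would want to compare against available memory.

```c
#include <limits.h>
#include <stdio.h>
#include <sys/resource.h>

/* Verdict names are this example's own, not from any system header. */
enum verdict { LIMIT_OK, LIMIT_SOFT_ONLY, LIMIT_UNBOUNDED };

/* A finite hard limit is the only ceiling the user cannot raise again. */
static enum verdict classify(rlim_t soft, rlim_t hard)
{
    if (hard != RLIM_INFINITY)
        return LIMIT_OK;
    return soft == RLIM_INFINITY ? LIMIT_UNBOUNDED : LIMIT_SOFT_ONLY;
}

/* Ceiling on data+stack bytes one user can hold: nproc * (data + stack).
 * Returns -1 when any input is unlimited or the product overflows. */
static int worst_case_bytes(rlim_t nproc, rlim_t data, rlim_t stack,
                            unsigned long long *out)
{
    if (nproc == RLIM_INFINITY || data == RLIM_INFINITY || stack == RLIM_INFINITY)
        return -1;
    unsigned long long per = (unsigned long long)data + stack;
    if (per < data || (nproc != 0 && per > ULLONG_MAX / nproc))
        return -1;
    *out = per * nproc;
    return 0;
}

/* Print the three limits of this process; return how many lack a hard cap. */
static int audit(void)
{
    static const struct { int res; const char *name; } tab[] = {
        { RLIMIT_NPROC, "maxproc" }, { RLIMIT_DATA, "datasize" }, { RLIMIT_STACK, "stacksize" } };
    static const char *word[] = { "ok", "soft only", "unbounded" };
    struct rlimit rl[3];
    unsigned long long total;
    int uncapped = 0;
    for (int i = 0; i < 3; i++) {
        if (getrlimit(tab[i].res, &rl[i]) != 0) return -1;
        enum verdict v = classify(rl[i].rlim_cur, rl[i].rlim_max);
        printf("%-10s %s\n", tab[i].name, word[v]);
        uncapped += (v != LIMIT_OK);
    }
    if (worst_case_bytes(rl[0].rlim_max, rl[1].rlim_max, rl[2].rlim_max, &total) == 0)
        printf("worst case per user: %llu MB\n", total >> 20);
    return uncapped;
}

int main(void) { return audit() != 0; }
```

With the maxproc of 64 from the quoted question and the 256MB / 64MB values from the reply, the ceiling works out to 20480 MB; leaving either size unlimited makes it unbounded no matter how low maxproc is set.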