Date: Mon, 06 May 2019 00:26:31 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 237715] maxproc needs a default value Message-ID: <bug-237715-227-1IP9GvOMYJ@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-237715-227@https.bugs.freebsd.org/bugzilla/> References: <bug-237715-227@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D237715 sigsys@gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |sigsys@gmail.com --- Comment #1 from sigsys@gmail.com --- It's hard to pick a sensible default though. OpenBSD has default (per architecture) rlimits, which I think is a good idea, but they often have to= be changed. There's kern.maxprocperuid which can default to something calculated based = on hardware resources. It's set a bit lower than maxproc as it is, but not en= ough to protect the system in most cases it seems. A process count limit alone only protects you against accidental fork bombs= .=20 And then again, it probably only protects other users from it, it's pretty = hard to recover your session when you can't spawn more processes. I guess that's the reason it hasn't been done already, it's not a good protection by itself and setting a whole bunch of resource limits is too difficult (and required to set very low per-process limits to be effective before rctl). --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-237715-227-1IP9GvOMYJ>