| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 15 Jul 2007 09:48:29 +0100 From: Simon Arlott <simon@...e.lp0.eu> To: Anand Jahagirdar <anandjigar@...il.com> CC: linux-kernel@...r.kernel.org Subject: Re: Patch Related with Fork Bombing Attack On 13/07/07 13:39, Anand Jahagirdar wrote: > This patch Warns the administrator about the fork bombing attack > (whenever any user is crossing its process limit). I have used > + printk(KERN_WARNING "User with uid %u is crossing the process limit\n",p->user->uid); I have mentioned this before when it was KERN_CRIT, why is this KERN_WARNING? It seems reasonable to have loglevel at KERN_WARNING, then it'd go to all consoles. Just because a fork bomb would trigger this doesn't mean you can assume it is one and raise its severity. If the limit is working correctly then there is no need to print anything... Also, users can arbitrarily lower their limit at any time and trigger this printk: $ ulimit -Su 0 $ uptime bash: fork: Resource temporarily unavailable If you really think this is needed then the message needs changing, because they haven't actually gone over the limit. I'm not sure how best to word it. What about the other limits? Max memory size and cpu time sound just as important as max user processes to me. -- Simon Arlott - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists