| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <E1I3fm4-00010y-NL@be1.lrz> Date: Thu, 28 Jun 2007 00:14:08 +0200 From: Bodo Eggert <7eggert@....de> To: Anand Jahagirdar <anandjigar@...il.com>, linux-kernel@...r.kernel.org Subject: Re: Patch Related With Fork Bombing Attack (not CCing security, since it's not a security bug and it's too late to verify if they should be on cc. Will do later.) Anand Jahagirdar <anandjigar@...il.com> wrote: > This patch Warns the administrator about the fork bombing attack > (whenever any user is crossing its process limit). I have used > printk_ratelimit function in this patch. This function helps to > prevent flooding of syslog and prints message as per the values set by > root user in following files:- > > 1) /proc/sys/kernel/printk_ratelimit:- This file contains value for, > how many times message should be printed in syslog. [...] I'm wondering: Can these ratelimits be used to tell real forkbombs from normal oops-i-hit-the-limits? I imagine if you have your private ratelimit, that might just do the trick. Beware: I have no idea on how much such an extra ratelimit would cost, and if having that ratelimit-based detector would actually be a gain. -- Ever notice how fast Windows runs? Neither did I. Friß, Spammer: .w@...gert.dyndns.org N@...0vJB.7eggert.dyndns.org 99aLZMlkFe@...7eggert.dyndns.org Bbga@...pIYua.7eggert.dyndns.org - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists