[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 10 Oct 2007 23:43:16 +0930
From: David Newall <david@...idnewall.com>
To: Gustavo Chain <g@...f.cl>
CC: linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Reserve N process to root
Gustavo Chain wrote:
> El Wed, 10 Oct 2007 15:14:06 +0930
> David Newall <david@...idnewall.com> escribió:
>
>> Gustavo Chain wrote:
>>
>>> El Wed, 10 Oct 2007 11:19:27 +0930
>>> David Newall <david@...idnewall.com> escribió:
>>>
>>>
>>>> Gustavo Chain wrote:
>>>>
>>>>
>>>>> I think it's necessary to reserve some pids to the super user.
>>>>> 5 must be sufficient.
>>>>>
>>>>>
>>>> Why? (Sorry if I missed something.)
>>>>
>>>>
>>> ¿ To prevent a posible DoS ?
>>>
>>>
>> That was what I thought you had in mind; it protects from some kind
>> of fork bomb, right? But it doesn't seem useful unless you guarantee
>> having a process already running (with CAP_SYS_ADMIN) *before* the
>> bomb goes off.
>>
>
> Not really, because fork bomb will never reach maximum pid possible.
> And root will always have a "slot" to kill desired processes.
>
This is like pulling teeth: painful.
I don't think you have satisfactorily explained why it's necessary. "To
prevent a possible DoS" isn't sufficient by itself. I think you should
explain the scenarios you have in mind.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists