Re: [PATCH] Reserve N process to root

From: Gustavo Chain
Date: Wed Oct 10 2007 - 09:47:27 EST

Next message: Eric W. Biederman: "Re: [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access Control Kernel"
Previous message: Eric W. Biederman: "Re: [PATCHSET 3/4] sysfs: divorce sysfs from kobject and driver model"
In reply to: David Newall: "Re: [PATCH] Reserve N process to root"
Next in thread: David Newall: "Re: [PATCH] Reserve N process to root"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

El Wed, 10 Oct 2007 15:14:06 +0930
David Newall <david@xxxxxxxxxxxxxxx> escribiÃ:

> Gustavo Chain wrote:
> > El Wed, 10 Oct 2007 11:19:27 +0930
> > David Newall <david@xxxxxxxxxxxxxxx> escribiÃ:
> >
> >> Gustavo Chain wrote:
> >>
> >>> I think it's necessary to reserve some pids to the super user.
> >>> 5 must be sufficient.
> >>>
> >> Why? (Sorry if I missed something.)
> >>
> >
> > Â To prevent a posible DoS ?
> >
>
> That was what I thought you had in mind; it protects from some kind
> of fork bomb, right? But it doesn't seem useful unless you guarantee
> having a process already running (with CAP_SYS_ADMIN) *before* the
> bomb goes off.

Not really, because fork bomb will never reach maximum pid possible.
And root will always have a "slot" to kill desired processes.

--
Gustavo ChaÃn Dumit
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Eric W. Biederman: "Re: [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access Control Kernel"
Previous message: Eric W. Biederman: "Re: [PATCHSET 3/4] sysfs: divorce sysfs from kobject and driver model"
In reply to: David Newall: "Re: [PATCH] Reserve N process to root"
Next in thread: David Newall: "Re: [PATCH] Reserve N process to root"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]