On Wed, 10 Oct 2007 09:46:22 EDT, Gustavo Chain said:
> On Wed, 10 Oct 2007 15:14:06 +0930
> David Newall <[email protected]> wrote:
> > That was what I thought you had in mind; it protects from some kind
> > of fork bomb, right? But it doesn't seem useful unless you guarantee
> > having a process already running (with CAP_SYS_ADMIN) *before* the
> > bomb goes off.
>
> Not really, because fork bomb will never reach maximum pid possible.
> And root will always have a "slot" to kill desired processes.

What David meant was that "root will always have a slot" doesn't
*actually* help unless you *also* have a way to actually *spawn* such a
process. In order to do the ps, kill, and so on that you need to
recover, you need to already have either a root shell available, or a
way to *get* a root shell that doesn't rely on a non-root process (so
/bin/su doesn't help here).

Many distros will leave a /sbin/mingetty running on tty1 through tty6,
and you *can* use those to get a root shell. David's point is that
without something like that already in place, the patch doesn't help....