and seems like generally sensible (more sensible than not doing so), so done
in generic code rather than compat glue only
Change proposed in PR kern/18767 by Emmanuel Dreyfus.
- leave 5 processes for root-only use, the previous value of 1
was unsufficient to execute additional commands once logged, and
perhaps also not enough to actually login remotely with recent (open)sshd
- protect the log of "proc: table full" with ratecheck(), so that
the message is only logged once per 10 seconds; though syslogd normally
doesn't pass the repeated messages through, this avoids flooding
syslogd and potentially also screen/logs
- If the process hits either system limit of number of processes in system,
or user's limit of same, force the process to sleep for 0.5 seconds
before returning failure. This turns 2000 rampaging fork monsters into
2000 harmlessly snoozing fork monsters.
The sleep is intentionally uninterruptible by signals.
These are not intended as ultimate protection agains fork-bombs.
Determined attacker can eat CPU differently than via repeating
fork() calls. But this is good enough to help protect against
programming mistakes or simple-minded tests.
Based on FreeBSD kern_fork.c change in revision 1.132 by
Mike Silbersack <silby at FreeBSD org>
Change also discussed on tech-kern@NetBSD.org, thread
'Fork bomb protection patch'.
until after wakeup event, so we can't clear the SI_COLL flag
in selrecord(). Thus, effectively back rev. 1.57 off.
Problem reported in PR kern/17517 by David Laight, program triggering
the problem is in regress/sys/kern/poll/poll3w.c.
need to reparent the process to initproc, so that child wouldn't
have its p_pptr pointer still pointing on the exited parent
pointed out by Dave Sainty in private mail (the patch in kern/14443
didn't have this bug)
in this case, and even if not, the process would be already woken up by the
wakeup() call
change sent as part of kern/17517 by David Laight
XXX perhaps should KASSERT() sel_pid is zero in the SI_COLL case
the same file multiple times because of recursive loading (ie: libx require
liby and libz and liby require libz, so libz would be loaded twice)
This is probably suboptimal, but it enable /bin/sh to load on the PowerPC,
so it's a good interim solution until we figure precisely how things should
work.
I'm not sure whether this makes the excessive recursive check useless or not.
reparented back to original parent before it's killed.
This makes the original parent aware that the child has exited if
the debugger failed to wait() on the debugged zombie before exiting.
Since we clear tracing flags before killing the child, the reparenting
logic in wait4() wouldn't be triggered, so it's necessary to do it here.
Problem reported and fix provided in kern/14443 by David Sainty.
macho_hdr, argc, *argv, NULL, *envp, NULL, progname, NULL,
*progname, **argv, **envp
Where progname is a pointer to the program name as given in the first
argument to execve(), and macho_hdr a pointer to the Mach-O header at
the beginning of the executable file.
backed by physical pages (ie. because it reused a previously-freed one),
so that we can skip a bunch of useless work in that case.
this fixes the underlying problem behind PR 18543, and also speeds up fork()
quite a bit (eg. 7% on my pc, 1% on my ultra2) when we get a cache hit.
original system call number, which can be negative for a Mach trap.
We cannot just replace code by realcode, because ktrsyscall uses it as
an index in the system call table, thus crashing the kernel when the
value is negative.
this gives:
* linux sysconf(_SC_CLK_TCK) gives correct value for linux binaries (hz)
even if hz != 100
* glibc gets proper information on real/effective uid and enables
secure mode for suid binaries
g/c LINUX_COPYARGS_FUNCTION, replaced by linux ELF copyargs function
g/c alpha-specific linux ELF copyargs function and linux ELF defines
device. Should help performance when no fingerprints are loaded.
* Back down the securelevel, now securelevel of 2 will make lack of
fingerprint or fingerprint mismatch a fatal error. Previously this
was done at securelevel 3 or greater.
and friends should either be made first-class citizens and moved
to an include file (systm.h perhaps), or nuked completely, but
not be redefined in a lot of files.
that can be used to block a process after fork(2) or exec(2) calls. The
new process is created in the SSTOP state and is never scheduled for running.
This feature is designed so that it is esay to attach the process using gdb
before it has done anything.
It works also with sproc, kthread_create, clone...
in the event that it needs to use a special VM range (x86_64 falls
into this category). We fall back onto kernel_map if machine-dependent
code doesn't create a special map.