this one had all the infrastructure of fork/exec/wait, like the
others, but called system instead of exec, creating an extra PID
and associated memory usage during the edit.
Cleaned up all broken occurrences found.
Did not check crypto/dist. (filenames imply these are not for exec $EDITOR)
Did not fully check sh and ksh. (lost in twisty mazes of function calls
and finally just assumed it was good)
and did not check gnu/dist/cvs (appears ok by testing with this commit)
and seems like generally sensible (more sensible than not doing so), so done
in generic code rather than compat glue only
Change proposed in PR kern/18767 by Emmanuel Dreyfus.
- leave 5 processes for root-only use, the previous value of 1
was insufficient to execute additional commands once logged in, and
perhaps also not enough to actually login remotely with recent (open)sshd
- protect the log of "proc: table full" with ratecheck(), so that
the message is only logged once per 10 seconds; though syslogd normally
doesn't pass the repeated messages through, this avoids flooding
syslogd and potentially also screen/logs
- If the process hits either system limit of number of processes in system,
or user's limit of same, force the process to sleep for 0.5 seconds
before returning failure. This turns 2000 rampaging fork monsters into
2000 harmlessly snoozing fork monsters.
The sleep is intentionally uninterruptible by signals.
These are not intended as ultimate protection against fork-bombs.
A determined attacker can eat CPU differently than via repeated
fork() calls. But this is good enough to help protect against
programming mistakes or simple-minded tests.
Based on FreeBSD kern_fork.c change in revision 1.132 by
Mike Silbersack <silby at FreeBSD org>
Change also discussed on tech-kern@NetBSD.org, thread
'Fork bomb protection patch'.
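The root reserve, the rate-limited "proc: table full" message and the 0.5 s backoff described in this change, modelled in userland as an added example (not the NetBSD kern_fork.c code itself): ratecheck_ms(), try_fork() and fork_storm() are hypothetical names, the clock is passed in as milliseconds, and tsleep() is replaced by an accumulated backoff counter so a run is deterministic.

```c
/* Added userland model of the fork() gating above (not kernel code): tsleep() is a backoff counter, the clock a parameter. */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#define ROOT_RESERVE    5      /* slots kept for uid 0 */
#define LOG_INTERVAL_MS 10000  /* ratecheck(): one "proc: table full" per 10 s */
#define FORK_BACKOFF_MS 500    /* uninterruptible sleep before returning EAGAIN */
struct fork_gate {
    int nprocs, maxproc;   /* processes in the system, kern.maxproc */
    uint64_t last_log_ms;  /* ratecheck() state; 0 = never logged */
    int logs;              /* "proc: table full" lines actually emitted */
    uint64_t slept_ms;     /* total backoff imposed on callers */
};

/* ratecheck(9) contract: true on the first call and once per `interval` after that. */
static bool ratecheck_ms(uint64_t *last, uint64_t interval, uint64_t now)
{
    if (*last != 0 && now - *last < interval)
        return false;
    *last = now;
    return true;
}

/* One fork() attempt: 0 if a slot is granted, EAGAIN otherwise. uid_procs and
 * uid_limit model the per-user process limit, which does not apply to root. */
static int try_fork(struct fork_gate *g, bool is_root, int uid_procs, int uid_limit, uint64_t now_ms)
{
    int limit = is_root ? g->maxproc : g->maxproc - ROOT_RESERVE;
    bool table_full = g->nprocs >= limit;
    if (table_full || (!is_root && uid_procs >= uid_limit)) {
        /* Only the system-wide case is logged; both cases pay the 0.5 s backoff. */
        if (table_full && ratecheck_ms(&g->last_log_ms, LOG_INTERVAL_MS, now_ms))
            g->logs++;                   /* kernel: tablefull("proc", ...) */
        g->slept_ms += FORK_BACKOFF_MS;  /* kernel: tsleep(..., hz / 2) */
        return EAGAIN;
    }
    g->nprocs++;
    return 0;
}
/* `attempts` unprivileged fork() calls against a full table, each issued as soon
 * as the previous backoff ends. Returns how many log lines were emitted. */
static int fork_storm(struct fork_gate *g, int attempts, int *failures)
{
    uint64_t now = 1;  /* start at 1 so last_log_ms == 0 still means "never" */
    *failures = 0;
    for (int i = 0; i < attempts; i++, now += FORK_BACKOFF_MS)
        if (try_fork(g, false, 1, 1000, now) == EAGAIN)
            (*failures)++;
    return g->logs;
}
```

With 2000 attempts against a table that is full for unprivileged users, every call fails, the callers accumulate 1000 s of sleep in total, and only 100 log lines are produced instead of 2000.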
strcmp() by performing path name length comparison first. In the test
with Mozilla, the number was reduced to 1068 from 7182 (yes, we saved
6114 strcmp()!).