limit maximum nr. of processes.

From: Petter Wahlman (petterat_private)
Date: Wed Sep 01 1999 - 01:53:48 PDT

  • Next message: Stas Kisel: "Re: FreeBSD (and other BSDs?) local root explot" 

      This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.
  Send mail to mimeat_private for more info.

--1203880212-1746911278-936176028=:26470
Content-Type: TEXT/PLAIN; charset=US-ASCII

'lo!

i have made a loadable kernel module that lets you limit the maximum
number of processes members of the group USER_GID can execute.
this can e.g be used to prevent DoS attacks like:

int main()
{
 while(1) fork();
 return 1;
}

Setting the limit is easily done through the proc interface:

arjuna(root):fork~>cat /proc/maxprocs
gid: 500 restricted to: 40 processes

arjuna(root):fork~>echo 64 > /proc/maxprocs

arjuna(root):fork~>cat /proc/maxprocs
gid: 500 restricted to: 64 processes

[The module does currently only support v.2.2.X of the Linux kernel.]

________________________________________________________________________________
Petter Wahlman
bactusat_private

#define QUESTION ((bb) || !(bb))  - Shakespeare.
echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sbA6E616D6C68615720726574746550snlbxq'|dc
________________________________________________________________________________

--1203880212-1746911278-936176028=:26470
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="foo.c"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.LNX.4.10.9909011053480.26470at_private>
Content-Description:
Content-Disposition: attachment; filename="foo.c"

LyoqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq
KioqKioqKioqKioqKioqKioqKg0KICogc2VjZm9yayB2MS4wYSAtIHBldHRl
ciB3YWhsbWFuIDxiYWN0dXNAc29sLm5vPiANCiAqIA0KICogTGltaXQgdGhl
IG1heGltdW0gbnVtYmVyIG9mIHByb2Nlc3NlcyBtZW1iZXJzDQogKiBvZiB0
aGUgZ3JvdXAgVVNFUl9HSUQgY2FuIGV4ZWN1dGUuDQogKg0KICogY29tcGls
ZToNCiAqICAgIGdjYyBmb28uYyAtRE1PRFVMRSAtRF9fS0VSTkVMX18gLU8y
IC1mb21pdC1mcmFtZS1wb2ludGVyIFwNCiAqICAgICAgICAgICAgICAtV3N0
cmljdC1wcm90b3R5cGVzIC1XYWxsIC1XdW51c2VkIC1jIC1vIHNlY2ZvcmsN
CiAqDQogKiBpbnN0YWxsOg0KICoJCWluc21vZCBzZWNmb3JrDQogKg0KICog
cmVtb3ZlOg0KICoJCXJtbW9kIHNlY2ZvcmsNCiAqDQogKiB1c2FnZToNCiAq
ICAgICAgZWNobyA2NCA+IC9wcm9jL21heHByb2NzICMgc2V0IGxpbWl0IHRv
IDY0IHByb2Nlc3Nlcw0KICoNCiAqKioqKioqKioqKioqKioqKioqKioqKioq
KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKiovDQoNCiNp
Zm5kZWYgX19LRVJORUxfXw0KIyAgZGVmaW5lIF9fS0VSTkVMX18NCiNlbmRp
Zg0KI2lmbmRlZiBNT0RVTEUNCiMgIGRlZmluZSBNT0RVTEUNCiNlbmRpZg0K
DQojaW5jbHVkZSA8bGludXgvY29uZmlnLmg+DQoNCiNkZWZpbmUgX19OT19W
RVJTSU9OX18NCiNpbmNsdWRlIDxsaW51eC9tb2R1bGUuaD4NCiNpbmNsdWRl
IDxsaW51eC92ZXJzaW9uLmg+DQpjaGFyIGtlcm5lbF92ZXJzaW9uIFtdID0g
VVRTX1JFTEVBU0U7DQoNCi8qDQojaWYgQ09ORklHX01PRFZFUlNJT05TPT0x
DQojZGVmaW5lIE1PRFZFUlNJT05TDQojaW5jbHVkZSA8bGludXgvbW9kdmVy
c2lvbnMuaD4NCiNlbmRpZiAgICANCiovDQoNCiNpbmNsdWRlIDxsaW51eC9r
ZXJuZWwuaD4NCiNpbmNsdWRlIDxsaW51eC90eXBlcy5oPg0KI2luY2x1ZGUg
PGxpbnV4L2ZzLmg+DQojaW5jbHVkZSA8bGludXgvbW0uaD4NCiNpbmNsdWRl
IDxsaW51eC9lcnJuby5oPg0KI2luY2x1ZGUgPGxpbnV4L3NjaGVkLmg+DQoj
aW5jbHVkZSA8bGludXgvcHJvY19mcy5oPg0KI2luY2x1ZGUgPGFzbS91YWNj
ZXNzLmg+DQojaW5jbHVkZSA8YXNtL2lvLmg+DQojaW5jbHVkZSA8c3lzL3N5
c2NhbGwuaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KDQpNT0RVTEVfQVVUSE9S
KCJwZXR0ZXIgd2FobG1hbiA8YmFjdHVzQHNvbC5ubz4iKTsNCkVYUE9SVF9O
T19TWU1CT0xTOw0KDQojZGVmaW5lIE1BWFBST0NTCTQwDQojZGVmaW5lIFVT
RVJfR0lECShpbnQpNTAwDQojZGVmaW5lIE1BWERBVEEJCShpbnQpOA0KDQpz
dGF0aWMgdW5zaWduZWQgbG9uZyBtYXhwcm9jcyA9IE1BWFBST0NTOw0KZXh0
ZXJuIHZvaWQgKnN5c19jYWxsX3RhYmxlW107DQphc21saW5rYWdlIGludCAo
Km9sZF9mb3JrKSAoc3RydWN0IHB0X3JlZ3MpOw0KDQpzdGF0aWMgc3RydWN0
IHVzZXJfc3RydWN0IHsNCiAgICAgICAgbG9uZyBjb3VudDsNCiAgICAgICAg
c3RydWN0IHVzZXJfc3RydWN0ICpuZXh0LCAqKnBwcmV2Ow0KICAgICAgICB1
bnNpZ25lZCBpbnQgdWlkOw0KfXVzZXJfdDsNCg0KLyoqKiggbW9kdWxlX291
dHB1dCApKioqLw0Kc3RhdGljIHNzaXplX3QgbW9kdWxlX291dHB1dChzdHJ1
Y3QgZmlsZSAqZmlsZSwgY2hhciAqYnVmLCBzaXplX3QgbGVuLCBsb2ZmX3Qg
Km9mZnNldCkNCnsNCiBzdGF0aWMgaW50IGksIGZpbmlzaGVkID0gMDsNCiBj
aGFyIG1zZ1tNQVhEQVRBKzUwXTsNCg0KIGlmIChmaW5pc2hlZCkgew0KCWZp
bmlzaGVkID0gMDsNCglyZXR1cm4gMDsNCiB9DQoNCiBzcHJpbnRmKG1zZywg
ImdpZDogJWQgcmVzdHJpY3RlZCB0bzogJWxkIHByb2Nlc3Nlc1xuIiwgVVNF
Ul9HSUQsIG1heHByb2NzKTsNCiBmb3IoaSA9IDA7IGkgPCBsZW4gJiYgbXNn
W2ldOyBpKyspIA0KCXB1dF91c2VyKG1zZ1tpXSwgYnVmK2kpOw0KDQogZmlu
aXNoZWQgPSAxOyANCg0KIHJldHVybiBpOw0KfQ0KDQovKioqKCBtb2R1bGVf
aW5wdXQgKSoqKi8NCnN0YXRpYyBzc2l6ZV90IG1vZHVsZV9pbnB1dChzdHJ1
Y3QgZmlsZSAqZmlsZSwgY29uc3QgY2hhciAqYnVmLCBzaXplX3QgbGVuZ3Ro
LCBsb2ZmX3QgKm9mZnNldCkNCnsNCiBzdGF0aWMgY2hhciBkYXRhW01BWERB
VEFdOw0KIGludCBpOw0KDQogZm9yIChpID0gMDsgaSA8IHNpemVvZihkYXRh
KS0xICYmIGkgPCBsZW5ndGg7IGkrKykNCglnZXRfdXNlcihkYXRhW2ldLCBi
dWYraSk7DQogZGF0YVtpXSA9ICdcMCc7DQoNCiBtYXhwcm9jcyA9IHNpbXBs
ZV9zdHJ0b3VsKGRhdGEsIE5VTEwsIDEwKTsNCiByZXR1cm4gaTsNCn0NCg0K
c3RhdGljIGludCBtb2R1bGVfcGVybWlzc2lvbihzdHJ1Y3QgaW5vZGUgKmlu
b2RlLCBpbnQgb3ApDQp7DQogaWYgKG9wID09IDQgfHwgKG9wID09IDIgJiYg
Y3VycmVudC0+ZXVpZCA9PSAwKSkNCglyZXR1cm4gMDsgDQoNCiByZXR1cm4g
LUVBQ0NFUzsNCn0NCg0KaW50IG1vZHVsZV9vcGVuKHN0cnVjdCBpbm9kZSAq
aW5vZGUsIHN0cnVjdCBmaWxlICpmaWxlKQ0Kew0KICBNT0RfSU5DX1VTRV9D
T1VOVDsNCiANCiAgcmV0dXJuIDA7DQp9DQoNCmludCBtb2R1bGVfY2xvc2Uo
c3RydWN0IGlub2RlICppbm9kZSwgc3RydWN0IGZpbGUgKmZpbGUpDQp7DQog
IE1PRF9ERUNfVVNFX0NPVU5UOw0KDQogIHJldHVybiAwOyANCn0NCg0Kc3Rh
dGljIHN0cnVjdCBmaWxlX29wZXJhdGlvbnMgZm9wcyA9IHsNCiAgICBOVUxM
LAkJCS8qIGxzZWVrICovDQoJbW9kdWxlX291dHB1dCwNCgltb2R1bGVfaW5w
dXQsDQoJTlVMTCwJCQkvKiByZWFkZGlyICovDQoJTlVMTCwJCQkvKiBzZWxl
Y3QgKi8NCglOVUxMLAkJCS8qIGlvY3RsICovDQoJTlVMTCwJCQkvKiBtbWFw
ICovDQoJbW9kdWxlX29wZW4sDQoJTlVMTCwJCQkvKiBmbHVzaCAqLw0KCW1v
ZHVsZV9jbG9zZQ0KfTsNCg0Kc3RhdGljIHN0cnVjdCBpbm9kZV9vcGVyYXRp
b25zIGlvcHMgPQ0KICB7DQogICAgJmZvcHMsDQogICAgTlVMTCwJCQkvKiBj
cmVhdGUgKi8NCiAgICBOVUxMLCAJCQkvKiBsb29rdXAgKi8NCiAgICBOVUxM
LCAJCQkvKiBsaW5rICovDQogICAgTlVMTCwgCQkJLyogdW5saW5rICovDQog
ICAgTlVMTCwgCQkJLyogc3ltbGluayAqLw0KICAgIE5VTEwsIAkJCS8qIG1r
ZGlyICovDQogICAgTlVMTCwgCQkJLyogcm1kaXIgKi8NCiAgICBOVUxMLCAJ
CQkvKiBta25vZCAqLw0KICAgIE5VTEwsIAkJCS8qIHJlbmFtZSAqLw0KICAg
IE5VTEwsIAkJCS8qIHJlYWRsaW5rICovDQogICAgTlVMTCwgCQkJLyogZm9s
bG93X2xpbmsgKi8NCiAgICBOVUxMLCAJCQkvKiByZWFkcGFnZSAqLw0KICAg
IE5VTEwsIAkJCS8qIHdyaXRlcGFnZSAqLw0KICAgIE5VTEwsIAkJCS8qIGJt
YXAgKi8NCiAgICBOVUxMLCAJCQkvKiB0cnVuY2F0ZSAqLw0KICAgIG1vZHVs
ZV9wZXJtaXNzaW9uDQogIH07DQoNCnN0YXRpYyBzdHJ1Y3QgcHJvY19kaXJf
ZW50cnkgcHJvY19lbnRyeSA9IA0Kew0KICAgIDAsIDgsDQogICAgIm1heHBy
b2NzIiwgLyogVGhlIGZpbGUgbmFtZSAqLw0KICAgIFNfSUZSRUcgfCBTX0lS
VUdPIHwgU19JV1VTUiwgDQogICAgMSwJCQkvKiBsaW5rcyAqLw0KICAgIDAs
IDAsIAkJLyogdWlkLCBnaWQgKi8NCiAgICAwLAkvKiBzaXplICovDQogICAg
JmlvcHMsIA0KICAgIE5VTEwJCS8qIHJlYWQgZnVuY3Rpb24gLSBpbiBpbm8g
c3RydWN0dXJlICovDQp9OyANCg0KLyoqKiggbmV3X2ZvcmsgKSoqKi8NCmlu
dCBuZXdfZm9yayhzdHJ1Y3QgcHRfcmVncyByZWdzKQ0Kew0KIHN0YXRpYyBp
bnQgbjsNCg0KIGlmIChjdXJyZW50LT51aWQgPT0gMCkgcmV0dXJuIG9sZF9m
b3JrKHJlZ3MpOw0KIGZvciAobiA9IDA7IG4gPCBOR1JPVVBTOyBuKyspDQog
CWlmIChjdXJyZW50LT5ncm91cHNbbl0gPT0gVVNFUl9HSUQpIHsNCgkJaWYg
KGN1cnJlbnQtPnVzZXItPmNvdW50ID49IG1heHByb2NzKQ0KCQkgICAgICAg
IHJldHVybiAtRVBFUk07DQoJCWVsc2UNCgkJCXJldHVybiBvbGRfZm9yayhy
ZWdzKTsNCgl9DQogcmV0dXJuIG9sZF9mb3JrKHJlZ3MpOw0KfQ0KDQovKioq
KCBpbml0X21vZHVsZSAqKiovDQppbnQgaW5pdF9tb2R1bGUodm9pZCkNCnsN
CiBwcmludGsoInNlY2ZvcmsgdjEuMGEgLSBwZXR0ZXIgd2FobG1hbiA8YmFj
dHVzQHNvbC5ubz4uLlxuIik7DQogb2xkX2ZvcmsgPSBzeXNfY2FsbF90YWJs
ZVtfX05SX2ZvcmtdOw0KIHN5c19jYWxsX3RhYmxlW19fTlJfZm9ya10gPSBu
ZXdfZm9yazsNCg0KIHJldHVybiBwcm9jX3JlZ2lzdGVyKCZwcm9jX3Jvb3Qs
ICZwcm9jX2VudHJ5KTsNCn0NCg0Kdm9pZCBjbGVhbnVwX21vZHVsZSh2b2lk
KQ0Kew0KIAlzeXNfY2FsbF90YWJsZVtfX05SX2ZvcmtdID0gb2xkX2Zvcms7
DQoJcHJvY191bnJlZ2lzdGVyKCZwcm9jX3Jvb3QsIHByb2NfZW50cnkubG93
X2lubyk7DQoJcHJpbnRrKCJzZWNmb3JrIHVubG9hZGVkLi5cbiIpOw0KfSAN
Cg==
--1203880212-1746911278-936176028=:26470--

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:01:08 PDT