standalone-nnrpd "dies" when hitting ressource limits
Sven Paulus
sven at tin.org
Fri Jul 7 15:43:21 UTC 2000
Hi,
the standalone nnrpd parent process dies if there are temporary problems
when it is trying to fork(). This gives evil netizens the possibility to
"shut down" the NNTP port remotely: Just open enough connections in
parallel, so that the process hits the ressource limits (max. number of
file descriptors or processes) and the parent nnrpd exit()s.
No, I don't think wrapper shellscripts are a real solution ...
How about:
--- nnrpd.c.old Fri Jul 7 17:36:05 2000
+++ nnrpd.c Fri Jul 7 17:36:32 2000
@@ -964,8 +964,8 @@
for (i = 0; (pid = fork()) < 0; i++) {
if (i == MAX_FORKS) {
- syslog(L_FATAL, "cant fork %m -- giving up");
- exit(1);
+ syslog(L_FATAL, "cant fork %m -- giving up for this connection");
+ continue;
}
syslog(L_NOTICE, "cant fork %m -- waiting");
(void)sleep(1);
?
This closes the connection when fork()ing has failed MAX_FORKS times and
goes on accepting the next connection (maybe some children died in
between, so there is room for new children).
Sven
More information about the inn-patches
mailing list