Re: File table exhaustion patch

From: Mike Silbersack (
Date: 11/21/02

Date: Thu, 21 Nov 2002 15:29:04 -0600 (CST)
From: Mike Silbersack <>
To: "David G. Andersen" <>

On Thu, 21 Nov 2002, David G. Andersen wrote:

> In PR 45353, I've submitted a patch to reserve a handfull of
> file table entries for root-only use, to mitigate the effects
> of user processes that leak file descriptors:
> Even with per-process file descriptor limits, it's pretty
> easy for a buggy program that does any kind of forking to
> run the system out of file table entries (or for a malicious
> user to do so). The patch above is trivial, and at least
> enables root to login and fix things up a bit. I've been
> running it locally for about a week, and it's happy.
> Is the form of the solution acceptable? (And if so, anyone
> interested in committing it to -current for a while? ;-)
> -Dave

Your patch looks good, I think it could probably go in without any

HOWEVER, we're in a code freeze leading up to 5.0-release, and local DoSes
aren't a critical bug. Hence, I'm going to wait until after 5.0-release
is out the door before I go ahead with committing your patch.

Mike "Silby" Silbersack

To Unsubscribe: send mail to
with "unsubscribe freebsd-security" in the body of the message