twb@cci632.cci.com (Tom Banister) (05/21/91)
One of the ways fork() can fail is : "The system-imposed limit on the total number of processes under execution by a single user would be exceeded." I have several questions about that. 1) Does that mean all processes with the same effective user id would be counted, or all processes from a single login? I tend to believe it's all processes with the same effective user id. 2) Is there some way that I can determine; from a user program, how many processes are running with the same effective user id? 3) How can I determine from a user program what the maximum number of processes is? On the Sun's here <sys/param.h> has a MAXUPRC, but that #define does not exist on the SysV machines here. Besides, I'd like to know the maximum at run time, not the last time the kernel was compiled. Yes, I know that I could fork() until EAGAIN is returned and count the fork()'s, but that's pretty shoddy. Thanks in advance for all useful responses. -- Thomas W. Banister twb@cci.com Analysts International Corp. {rit,uupsi}!cci632!twb 205 Saint Paul Street Rochester, New York 716-325-6640
brnstnd@kramden.acf.nyu.edu (Dan Bernstein) (05/22/91)
In article <1991May20.175125.5764@cci632.cci.com> twb@cci632.cci.com (Tom Banister) writes: > One of the ways fork() can fail is : "The system-imposed limit on the total > number of processes under execution by a single user would be exceeded." There's an interesting set of incompatibilities surrounding this. Under at least several Ultrix versions, the process limit applies to effective uids (except, of course, root). This means that you can't safely make any program setuid to anything except root---after all, if enough users run the program at once, that uid will hit its process limit and other users will be denied service. The real problem with effective uid process limits is that the effective uid can change across an execve(). The number of processes with a given real uid will normally (i.e., barring setreuid(geteuid(),getuid())) change only on fork(), _exit(), or a signal exit; this is not true of effective uids. On at least one BSD 4.3-derived system, if you make a setuid-shmoe copy of /usr/bin/sleep, and have a user run it more than MAXUPRC times at once, the machine will crash as soon as the MAXUPRC+1st process exits. It is possible to implement effective uid process limits without such disasters, but they're still a bad idea. POSIX, fortunately, mentions limits on the number of processes with a given real uid. > 2) Is there some way that I can determine; from a user program, how many > processes are running with the same effective user id? Not portably. If you have my kstuff package (version 0.18 just posted to alt.sources) and it runs on your machine, and if you have read access to /dev/kmem, you could imitate the program below. Note that it will not work under old Ultrix versions, which do not include the effective uid in struct proc, though the code could be rewritten for that case. The real uid, p_uid, is more portable. [ finding MAXUPRC ] There's no portable way. On some machines MAXUPRC is a variable; on others it might vary dynamically. ---Dan #include <stdio.h> #include "strerr.h" #include "proctable.h" #include "structproc.h" #include "confhavepsuid.h" #ifndef HAVE_PSUID error! error! error! This program will not work without p_suid in struct proc. #endif main() { struct proc *p; int i; int count; int euid; euid = geteuid(); p = getproctable(); if (!p) { fprintf(stderr,"numeuidpids: fatal: cannot get process table: %s\n" ,strerr(proctablestrerr)); exit(1); } count = 0; for (i = 0;i < mynproc;++i) if (p[i].p_pid) if (p[i].p_suid == euid) ++count; printf("%d\n",count); exit(0); }