Limit maxprocperuid to 9/10 maxproc, and limit maxfilesperproc to 9/10

maxfiles. This should make local resource exhaustion attacks easier to handle with a non-tweaked setup. MFC after: 3 days
author: silby <silby@FreeBSD.org> 2001-12-13 20:00:45 +0000
committer: silby <silby@FreeBSD.org> 2001-12-13 20:00:45 +0000
commit: dc4fed395a89caee0a44451bce8ea48301e985d2 (patch)
tree: c49a7856eba4f2cffc03fdc7afac9141a97149a1 /sys/kern/subr_param.c
parent: c56ea0b56a5be795de691d6c55523a2f6f7e3241 (diff)
download: FreeBSD-src-dc4fed395a89caee0a44451bce8ea48301e985d2.zip
FreeBSD-src-dc4fed395a89caee0a44451bce8ea48301e985d2.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/kern/subr_param.c b/sys/kern/subr_param.c
index 06a3dc2..4d47f0f 100644
--- a/sys/kern/subr_param.c
+++ b/sys/kern/subr_param.c
@@ -150,8 +150,8 @@ init_param2(int physpages)
 	TUNABLE_INT_FETCH("kern.maxproc", &maxproc);
 	maxfiles = MAXFILES;
 	TUNABLE_INT_FETCH("kern.maxfiles", &maxfiles);
-	maxprocperuid = maxproc - 1;
-	maxfilesperproc = maxfiles;
+	maxprocperuid = (maxproc * 9) / 10;
+	maxfilesperproc = (maxfiles * 9) / 10;
 
 	/*
 	 * Cannot be changed after boot.
author	silby <silby@FreeBSD.org>	2001-12-13 20:00:45 +0000
committer	silby <silby@FreeBSD.org>	2001-12-13 20:00:45 +0000
commit	dc4fed395a89caee0a44451bce8ea48301e985d2 (patch)
tree	c49a7856eba4f2cffc03fdc7afac9141a97149a1 /sys/kern/subr_param.c
parent	c56ea0b56a5be795de691d6c55523a2f6f7e3241 (diff)
download	FreeBSD-src-dc4fed395a89caee0a44451bce8ea48301e985d2.zip FreeBSD-src-dc4fed395a89caee0a44451bce8ea48301e985d2.tar.gz