Re: Weird SSH attack last night and this morning (still ongoing)

[Valdis.Kletnieks () vt edu]

On Fri, 16 May 2008 17:19:16 EDT, dxp said:

> Correction, one would only need to generate the amount of keys which
> would equal the size of maximum PID value on Linux based system
> (PID_MAX_DEFAULT).  That equals to 32768 (2^15) on 32bit platform or
> more precisely on LP32 data model systems.

That would be very nice, except that many of us are on 64-bit platforms
and can set /proc/sys/kernel/pid_max much higher. include/linux/threads.h says:


/*
 * This controls the default maximum pid allocated to a process
 */
#define PID_MAX_DEFAULT (CONFIG_BASE_SMALL ? 0x1000 : 0x8000)

/*
 * A maximum of 4 million PIDs should be enough for a while.
 * [NOTE: PID/TIDs are limited to 2^29 ~= 500+ million, see futex.h.]
 */
#define PID_MAX_LIMIT (CONFIG_BASE_SMALL ? PAGE_SIZE * 8 :         (sizeof(long) > 4 ? 4 * 1024 * 1024 : 
PID_MAX_DEFAULT))

Attachment: _bin
Description: