ari edelkind - custom kernel patches

penalty-imposing resource limits

Supported kernels: Linux 2.2.13

This patch adds a new resource limit to the kernel, RLIMIT_TCPU, which lets the user impose a penalty (in jiffies) on a process each time it consumes a set amount of CPU time (in units of 1/100 of a CPU second), effectively slowing the process's execution. It uses a simple algorithm; though it could be improved, it functioned well enough at the time.

To install the patch:

        % tar xvzf linux-2.2.13.tar.gz
        % mv linux linux-2.2.13
        % patch -p0 <linux-2.2.13+cpumod.diff
... or equivalent. Configure and compile as normal; the patch does not add any configuration options.

To compile the interface program (harness):

        % gcc -o harness harness.c -s -Wall

Usage of the interface program:

        % harness
           harness [-L m n] <-g|-e <command> [line]>

        -L s j     set limits: for every s frac-cpu seconds, wait j jiffies
        -g         get current limit info
        -e ...     command line to execute follows (last processed option)

Additional notes:

My original post to the linux kernel mailing list may be found here.


flowpriv: relinquishing privileges on demand

Supported kernels: FreeBSD 5.1-RELEASE-p2

This is a somewhat larger project, and holds its own page.
