Max process count

Wed May 22 05:19:38 AEST 1991

In article <1991May20.175125.5764 at cci632.cci.com> twb at cci632.cci.com (Tom Banister) writes:
>  One of the ways fork() can fail is : "The system-imposed limit on the total
> number of processes under execution by a single user would be exceeded."

There's an interesting set of incompatibilities surrounding this. Under
at least several Ultrix versions, the process limit applies to effective
uids (except, of course, root). This means that you can't safely make
any program setuid to anything except root---after all, if enough users
run the program at once, that uid will hit its process limit and other
users will be denied service.

The real problem with effective uid process limits is that the effective
uid can change across an execve(). The number of processes with a given
real uid will normally (i.e., barring setreuid(geteuid(),getuid()))
change only on fork(), _exit(), or a signal exit; this is not true of
effective uids. On at least one BSD 4.3-derived system, if you make a
setuid-shmoe copy of /usr/bin/sleep, and have a user run it more than
MAXUPRC times at once, the machine will crash as soon as the MAXUPRC+1st
process exits.

It is possible to implement effective uid process limits without such
disasters, but they're still a bad idea. POSIX, fortunately, mentions
limits on the number of processes with a given real uid.

> 2) Is there some way that I can determine; from a user program, how many 
>   processes are running with the same effective user id?

Not portably. If you have my kstuff package (version 0.18 just posted to
alt.sources) and it runs on your machine, and if you have read access to
/dev/kmem, you could imitate the program below. Note that it will not
work under old Ultrix versions, which do not include the effective uid
in struct proc, though the code could be rewritten for that case. The
real uid, p_uid, is more portable.

  [ finding MAXUPRC ]

There's no portable way. On some machines MAXUPRC is a variable; on
others it might vary dynamically.

---Dan

#include <stdio.h>
#include "strerr.h"
#include "proctable.h"
#include "structproc.h"
#include "confhavepsuid.h"

#ifndef HAVE_PSUID
error! error! error!
This program will not work without p_suid in struct proc.
#endif

main()
{
 struct proc *p;
 int i;
 int count;
 int euid;

 euid = geteuid();
 p = getproctable();
 if (!p)
  {
   fprintf(stderr,"numeuidpids: fatal: cannot get process table: %s\n"
     ,strerr(proctablestrerr));
   exit(1);
  }

 count = 0;

 for (i = 0;i < mynproc;++i)
   if (p[i].p_pid)
     if (p[i].p_suid == euid)
       ++count;

 printf("%d\n",count);

 exit(0);
}