Supersed killbig-nits Fix print calls in swap.c^page and proc.c^killbig so they make sense and are in a more logical order. Change killbig to not have hardcoded the file server name and instead avoid killing process owned by eve that have non-writeable /ctl. Still not sure exactly where in the rc scripts this line would fit best: for(i in `{ps|grep '(kfs|fossil|venti)'|awk '{print $2}'}) { chmod -w /proc/$i/ctl; } Notes: Mon Jan 23 09:59:22 EST 2006 rsc proc.c.orig:1474,1480 - /n/sources/patch/killbig-nits-2/proc.c:1474,1480 if(s != 0) l += s->top - s->base; } - if(l > max && strcmp(p->text, "kfs") != 0){ + if(l > max && (p->procmode&0222 && !strcmp(eve, p->user))) { kp = p; max = l; } Please don't use !strcmp(x,y) in Plan 9 code. It's difficult to read and easy to get wrong, which I think you did. What you mean is if(l>max && ((p->procmode&0222) || strcmp(eve, p->user)!=0) which gets the procs that have writable ctls or are not owned by eve. You were killing only the procs that have writable ctls AND ARE owned by eve, making it even easier for your supposed malicious users to wreak havoc. proc.c.orig:1487,1493 - /n/sources/patch/killbig-nits-2/proc.c:1487,1493 qunlock(&s->lk); } } - print("%lud: %s killed because no swap configured\n", kp->pid, kp->text); + print("%lud: %s killed by killbig()\n", kp->pid, kp->text); } Killbig is the only function that prints '%lud: %s killed' so printing 'by killbig()' is useless. I applied these changes, with the fixes. I also made killbig kill all the processes sharing the same bss as the guy who got killed, so that if there's a big threaded program, killbig will get all the procs. Russ Reference: /n/sources/patch/applied/killbig-nits-2 Date: Mon Jan 23 02:55:34 CET 2006 Reviewed-by: rsc --- /sys/src/9/port/swap.c Mon Jan 23 02:49:29 2006 +++ /sys/src/9/port/swap.c Mon Jan 23 02:49:26 2006 @@ -160,13 +160,13 @@ qunlock(&p->seglock); } else { + print("no physical memory and no swap configured\n"); if(!cpuserver) freebroken(); /* can use the memory */ else killbig(); /* Emulate the old system if no swap channel */ - print("no physical memory\n"); tsleep(&up->sleep, return0, 0, 5000); wakeup(&palloc.r); } --- /sys/src/9/port/proc.c Mon Jan 23 02:49:46 2006 +++ /sys/src/9/port/proc.c Mon Jan 23 03:47:57 2006 @@ -1474,7 +1474,7 @@ if(s != 0) l += s->top - s->base; } - if(l > max && strcmp(p->text, "kfs") != 0){ + if(l > max && (p->procmode&0222 && !strcmp(eve, p->user))) { kp = p; max = l; } @@ -1487,7 +1487,7 @@ qunlock(&s->lk); } } - print("%lud: %s killed because no swap configured\n", kp->pid, kp->text); + print("%lud: %s killed by killbig()\n", kp->pid, kp->text); } /*