fork bomb attack

Thomas Hille thomas.hille at nightsabers.org
Sat Mar 19 19:26:26 UTC 2005


On Saturday, 19.03.2005, at 19:04 +0000, Carlos Rodrigues wrote:
> Dave Jones wrote:
> > If we set strict ulimits by default we'd have people writing articles like
> > "Fedora is teh suck, I can't malloc more than xMB in a single process"
> > What's fit for one configuration may not be for another.
> > One size most definitely does not fit all.
> 
> The BSDs didn't seem vulnerable to this issue, and I don't see people 
> going around in circles screaming about it. So, they seem to have chosen 
> some "one size fits almost all" limits.
> 
> Maybe those could be chosen for Fedora/RedHat too, and let people with a 
> need for huge numbers of processes increase them. Those kind of people 
> should also know how to do "man ulimit".
> 
> When one advocates in favor of unix-like systems (as opposed to Windows 
> systems) mentioning "convenience vs. security", it is embarrassing to be 
> given counter-examples like fork-bombs.

I don't think the BSD guys just choose a good ulimit, it is probably
done in some other way. Maybe something like quotas for cpu time per
user and not only per process. - Just a guess, I don't know.

The thing is, you need only 10 processes which are very resource hungry
(memory, cpu time and/or hd access) and you get the same result. You
don't need some thousand for that.

But you are absolutely right - "convenience vs. security" is not a good
argument here.

Are there any articles on the net on why BSD and Debian weren't
affected? While there are more and more sites reporting this, none could
come up with any background information.

-Thomas
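
The point made above, that a cap on the number of processes does not cover a handful of resource-hungry ones, as an added example that is not part of the original thread: a small audit that reports which of the process-count, memory and CPU limits are left unlimited. The function names and the `nproc_ceiling` threshold are assumptions chosen for this illustration.

```python
import resource

# Limits relevant to the thread: the per-user process count, plus the memory
# and CPU limits that matter when only a few heavy processes are involved.
CHECKED = {
    "RLIMIT_NPROC": "processes per user",
    "RLIMIT_AS": "address space per process, in bytes",
    "RLIMIT_CPU": "CPU seconds per process",
}


def current_limits():
    """Read the (soft, hard) limits that apply to the calling process."""
    limits = {}
    for name in CHECKED:
        const = getattr(resource, name, None)  # not every platform defines all three
        if const is not None:
            limits[name] = resource.getrlimit(const)
    return limits


def audit(limits, nproc_ceiling=4096):
    """Return findings for a {name: (soft, hard)} mapping.

    nproc_ceiling is an arbitrary threshold assumed for this example,
    not a recommended value.
    """
    findings = []
    for name, desc in CHECKED.items():
        if name not in limits:
            findings.append(f"{name}: not reported on this platform")
            continue
        soft, hard = limits[name]
        if hard == resource.RLIM_INFINITY:
            findings.append(f"{name}: hard limit is unlimited ({desc})")
        elif soft == resource.RLIM_INFINITY:
            findings.append(f"{name}: soft limit is unlimited, hard limit is {hard}")
        elif name == "RLIMIT_NPROC" and soft > nproc_ceiling:
            findings.append(f"{name}: soft limit {soft} exceeds {nproc_ceiling}")
    return findings


if __name__ == "__main__":
    for line in audit(current_limits()) or ["all checked limits are bounded"]:
        print(line)
```

A result that lists only `RLIMIT_AS` and `RLIMIT_CPU` describes the case from the message: the process count is capped, but a few heavy processes are not constrained.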




More information about the fedora-devel-list mailing list