fork bomb attack

[Carlos Rodrigues]

Dave Jones wrote:
> If we set strict ulimits by default we'd have people writing articles like
> "Fedora is teh suck, I can't malloc more than xMB in a single process"
> What's fit for one configuration may not be for another.
> One size most definitly does not fit all.

The BSDs didn't seem vulnerable to this issue, and I don't see people 
going around in circles screaming about it. So, they seem to have chosen 
some "one size fits almost all" limits.

Maybe those could be chosen for Fedora/RedHat too, and let people with a 
need for huge numbers of processes increase them. Those kind of people 
should also know how to do "man ulimit".

When one advocates in favor of unix-like systems (as opposed to Windows 
systems) mentioning "convenience vs. security", it is embarassing to be 
given counter-examples like fork-bombs.

-- 
Carlos Rodrigues

url: http://tudo-sobre-nada.blogspot.com