fork bomb attack

Michael Schwendt fedora at wir-sind-cool.org
Fri Mar 18 20:09:12 UTC 2005


On Fri, 18 Mar 2005 20:37:39 +0100, Ralf Ertzinger wrote:

> Hi.
> 
> Dave Jones <davej at redhat.com> wrote:
> 
> > If we set strict ulimits by default we'd have people writing articles
> > like "Fedora is teh suck, I can't malloc more than xMB in a single
> > process" What's fit for one configuration may not be for another.
> > One size most definitely does not fit all.
> 
> Especially as the article is quite uninformative about the resource
> that was exhausted. My FD has a ulimit on the number of processes,
> and I did not set that, and it has been this way for some time, I think.

The default ulimit on max user processes is so high, it doesn't serve as
protection. An admin must find much tighter limits to make a box more
secure against fork bomb DoS attacks.
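
An added example, not part of the original message: one way to check whether the per-user process limits in a pam_limits-style `limits.conf` are tight enough to matter. The function names, the ceiling of 1024 and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit "nproc" entries in limits.conf format (read from stdin) against a ceiling.
# The ceiling is the admin's choice; 1024 below is an assumed value.

# nproc_findings CEILING
# Prints "<verdict> <domain> <type> <value>" for every nproc entry:
#   ok    - numeric limit at or below CEILING
#   loose - limit above CEILING, or not a plain number (unlimited, infinity, -1)
# Ends with a "missing-default" line when no "*" entry sets a hard limit.
# A soft limit alone does not count: a user can raise it up to the hard limit.
nproc_findings() {
    awk -v ceil="$1" '
        { sub(/#.*/, "") }                    # drop comments
        NF < 4 || $3 != "nproc" { next }      # want: <domain> <type> nproc <value>
        {
            if ($4 !~ /^[0-9]+$/ || $4 + 0 > ceil + 0)
                verdict = "loose"
            else
                verdict = "ok"
            print verdict, $1, $2, $4
            # type "-" sets both soft and hard
            if ($1 == "*" && ($2 == "hard" || $2 == "-")) have_default = 1
        }
        END { if (!have_default) print "missing-default * hard nproc" }
    '
}

# Constructed sample input, not taken from any real system.
sample_limits() {
    cat <<'EOF'
# constructed sample in limits.conf format
*        soft  nproc   4096
@users   hard  nproc   512
build    -     nproc   unlimited
*        hard  nofile  65536
EOF
}

sample_limits | nproc_findings 1024
```

On a real system the input would be `/etc/security/limits.conf` plus any files under `/etc/security/limits.d/`.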