fork bomb attack

Andreas Hasenack andreas at conectiva.com.br
Fri Mar 18 21:01:13 UTC 2005


On Fri, Mar 18, 2005 at 09:09:12PM +0100, Michael Schwendt wrote:
> On Fri, 18 Mar 2005 20:37:39 +0100, Ralf Ertzinger wrote:
> 
> > Hi.
> > 
> > Dave Jones <davej at redhat.com> wrote:
> > 
> > > If we set strict ulimits by default we'd have people writing articles
> > > like "Fedora is teh suck, I can't malloc more than xMB in a single
> > > process". What's fit for one configuration may not be for another.
> > > One size most definitely does not fit all.
> > 
> > Especially as the article is quite uninformative about the resource
> > that was exhausted. My FD has a ulimit on the number of processes,
> > and I did not set that, and it has been this way for some time, I think.
> 
> The default ulimit on max user processes is so high, it doesn't serve as
> protection. An admin must find much tighter limits to make a box more
> secure against fork bomb DoS attacks.

What are the limits on the BSD machines he used for his tests?



