Fork bombing a Linux machine as a non-root user

Dave Jones davej at redhat.com
Fri Mar 18 20:25:56 UTC 2005


On Fri, Mar 18, 2005 at 03:18:00PM -0500, Scot L. Harris wrote:

 > And yes there are tools available to help mitigate the potential problem
 > as you pointed out.  But why not set a default limit instead of leaving
 > it open?

Because then we get flooded with "I cant run two copies of openoffice, wtf?",
"concurrent users of ftpd downloading iso's or other large files goes bang"
and many other similar bugs.

 > Kind of like saying it is the admins responsibility to disable
 > open relaying of sendmail instead of having the default configuration
 > setup to deny relaying.  By default fewer people create open relays, it
 > does take a little effort to correctly setup sendmail for a new admin
 > but safer for everyone else.  

Different problemspace as there aren't nowhere near as many good reasons
to run an open-relay as there are to run without ulimits.

 > Set some default limit for maximum number of processes for users that
 > satisfies 90% of the users out there.  The other 10% get to learn how to
 > up those numbers or disable the limit if needed.
 > 
 > Once done this would be a non-issue from then on.

No, it solves one problem and brings a lot of new ones.
One size does not fit all. You have the tools to customise the configuration
as you see fit, use them.

		Dave




More information about the fedora-list mailing list