[K12OSN] Is Fedora fork bomb attack vulnerable?
Jeff Kinz
jkinz at kinz.org
Fri Mar 18 21:30:50 UTC 2005
On Fri, Mar 18, 2005 at 01:49:18PM -0500, Robert Arkiletian wrote:
> Just read an article on Slashdot about most distros being vulnerable
> to fork bombs. Basically a script which calls itself and allocates
> memory. So it's a recursive attack that launches infinite processes
> bringing the server to its knees. Is k12ltsp proctected from this by
> default?
>
Put "ulimit -u <N>" in one of the system wide start up scripts. this
will limit each user to a maximum of "N" processes .
Make N is large enough for each user to run X-windows plus their
applications. 100 will do it for almost everyone. Its pretty big
without being big enough to let a script run away with the system.
Adjust to fit, YMMV.
--
"The only system which is truly secure, is one which is switched off
and unplugged, locked in a titanium lined safe, buried in a concrete
bunker, surrounded by nerve gas and very highly paid armed guards. Even
then, I wouldn't stake my life on it" - Gene Spafford
(Good thing. the law of unintended consequences: A laptop, w/wireless
NIC and wake on "date" set in the BIOS)
http://kinz.org
http://www.fedoranews.org
Jeff Kinz, Emergent Research, Hudson, MA.
More information about the K12OSN
mailing list