[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: forkbomb attack



On Nov 30, 2007 5:52 PM, Chris Snook <csnook redhat com> wrote:
> Zhukov Pavel wrote:
> > why modern fedora affected by simple forkbomb attack?
> >
>
> Because it's hard to set static defaults that are reasonable for both a low-end
> laptop and a 16-core server with 128 GB of RAM.  Theoretically we could
> configure the defaults in limits.conf dynamically at installation time, but no
> one has ever cared enough to write the code and test it on the wide range of
> hardware and software configurations required to get it right.
>
> Personally, I find the current settings work just fine.  The only way I can
> forkbomb my old 384 MB, 1-core powerbook is with a synthetic forkbomb, and the
> fix for it is "don't do that".  It survives an accidental forkbomb, such as
> those caused by foolish application handler settings.  If you're running
> arbitrary code from untrusted users, a forkbomb is the least of your problems.
> On my 2-core, 2 GB systems, which is a reasonable minimum target for interactive
> servers allowing logins by semi-trusted users, I can't even synthetically
> forkbomb the box without root privileges.  The most I can do is lock up my X
> server, which is cured by a remote ssh and a kill.  This might be what's
> happening to you.
>
> If you think there's something really wrong, please open a bug with specifics.
>
>         -- Chris
>
> --
> fedora-list mailing list
> fedora-list redhat com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>

hm. for example, can i keep in reserve for example 5% of system
resources for root user?

i just successfully DoS C2D5600/2GB laptop with simple :(){ :|:& };:

:(


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]