fork bomb attack

[Konstantin Ryabitsev]

On Fri, 18 Mar 2005 21:23:31 -0700, Tyler Larson
<fedora-devel at tlarson.com> wrote:
> Fork bombs have always been of little concern to admins. They do
> relatively little damage and are completely traceable. The perpetrator
> does little more than land himself in a lot of hot water. In most cases,
> the threat of disciplinary action is enough protection--it's not an
> attack that can be launched anonymously.

I fully agree. We have a very effective way of dealing with fork bombs
and other user stupidity and/or misguided maliciousness -- an
Acceptable Usage Policy with a Termination clause, and a handy steel
pipe to perform the actual termination.

If you have a piece of infrastructure that will suffer if a user
drains it of resources, then you shouldn't have users logging in to
that machine in the first place. If it's a shared resource for users
whom you don't entirely trust, then by all means, set up various
limits, but I don't think ulimits should be enabled on a default
installation. After all, that machine with all its resources is there
precisely because someone needs to use it (and in case of physicists
-- to abuse it. Badly.).

Regards,
-- 
Konstantin Ryabitsev
Zlotniks, INC