fork bomb attack
Konstantin Ryabitsev
mricon at gmail.com
Sat Mar 19 14:48:23 UTC 2005
On Sat, 19 Mar 2005 15:20:50 +0100, Kyrre Ness Sjobak
<kyrre at solution-forge.net> wrote:
> But bugs in (preinstalled) system software has also been known to cause
> a resource exhaustion. I had cups do this to me once (try sending a 400
> mb postscript to gimpprint on a 128 MB RAM computer), or print to a
> remote machine called "localhost" - thats effectively a forkbomb...
No, that's a computer with not enough memory. :) We have an OOM-killer
for such cases. A "denial of service" that results when someone tries
to run a large application with insufficient system resources is not a
security concern -- it's a feature. It's the same as trying to buy a
BMW when you only have enough money for a used Ford -- you'll get a
denial of service from the dealership, too. ;)
Besides, you can't ulimit a process running as root anyway. Can you?
Regards,
--
Konstantin Ryabitsev
Zlotniks, INC
More information about the fedora-devel-list
mailing list