Fork bombing a Linux machine as a non-root user

David Curry dsccable at comcast.net
Sun Mar 20 04:47:12 UTC 2005


William Hooper wrote:

>David Curry said:
>
>>>The other assumption
>>>is that the person who adds logins and gives out passwords to others
>>>knows more about whether their access to certain resources should be
>>>limited or if they can be trusted to use the full power of the box.
>>>
>>This argument overlooks the specific kind of concern that prompted the
>>thread originating author to pose his question.  Namely, vulnerability of
>>the system to fork bombing if it is hacked.
>>
>
>If a system is hacked, a fork bomb is the least of your worries.  Really. 
>Given the choice between a DOS (which will get noticed) or a smart bad guy
>that is going to just quietly monitor everything and control your machine
>without being noticed, I would pick the DOS.
>
The thing about hackers, though, is that only they know what it is they 
want to do.  A fork bomb may be a lesser risk than something else, but 
it is nevertheless a risk that many newcomers to Linux are unaware of.

>As Dave Jones pointed out (very early in this thread) it is next to
>impossible to pick arbitrary values that will work in all situations.  You
>will either guess too high or too low.
>
I am certainly not suggesting that OS distributors are in a position to 
pick arbitrary values that will work in all situations.  Nor am I 
suggesting that they attempt to do so.  Rather, I am saying that for OS 
distributors to set installation defaults at "unlimited" and/or high 
values is tantamount to doing just that.  A better practice would be to 
set installation defaults at levels that will clearly support 
installation of the OS, make those default installation values known to 
the ops, and expect ops to address the resource allocation issue at time 
of installation.

>To use your car analogy, would you expect to buy a car and have its speed
>limited to 35 MPH, because that is the speed limit on the street you
>bought it?
>
>--
>William Hooper
>
I expect a car to run at idling speed in neutral gear until I as an op 
decide to use more of the resource available.  At which time, as an op I 
allocate more resources by putting the vehicle into gear and provide 
more fuel to accelerate. 




