Fork bombing a Linux machine as a non-root user
Les Mikesell
lesmikesell at gmail.com
Sun Mar 20 20:35:06 UTC 2005
On Sun, 2005-03-20 at 14:01, Ben O'Steen wrote:
> How about a third way? The argument so far has been between those that
> want some sort of default ulimit, and those who believe it is up the
> sysadmin to set.
>
> How about if ulimit settings (and perhaps others) were part of the
> anaconda installer? Under/next to the SELinux tab wouldn't be too
> jarring for most people, with a paragraph in the help file just to hint
> at why/why not they should change this.
>
> Or, as you already have them choosing the type of install (Personal
> desktop/ workstation/ server, custom) base the default ulimit setting on
> this, perhaps?
Yes, it could be exposed there, and the installer could even peek
at the CPU speed and available RAM to make some moderately
intelligent default choices. However it will still surprise
people if they clone the system to other equipment (as I often
do) after the first install using either an image or file based
copy.
Keep in mind though, that this is really not a pressing issue. The
potential has existed from the very first unix versions and it
has not been a big enough problem in practice for anyone to worry
about it. It's one of those:
patient: Doctor it hurts when I do this...
doctor: Well don't do that.
kind of things. If you manage a system with unpredictable users
(like in a school), you should already know that you need to tighten
things down. Otherwise if you try to prevent people from doing
bad things you will also prevent them from doing good things.
--
Les Mikesell
les at futuresource.com
More information about the fedora-list
mailing list